On all my pages I use session_start() to initialize a session with the user. Every time a session is started, a new file is added to the MAMP/tmp/php/ directory with the session info for the user. I only use session_destroy() when the user clicks log out.
So I tested it and visited my site. A file is created. Now I close my browser, but the session file still remains in the folder. Can this get troublesome? At one point I had thousands of old, empty session files. Do I need to use some sort of script to clean up this folder every day or two?
Do you know how often it runs its cleaning process? Because it still had thousands of files in it after a few weeks. Maybe the cleanup process is disabled? Is that in the php.ini file?
there are currently 21,000+ session files in my /Applications/MAMP/tmp/php folder.
How can I guarantee that this doesn’t accumulate so heavily? I have tried your advice in the links, but it’s been about 20 days and the files have not been cleaned up automatically obviously.
Maybe it’s my PHP code? But I can’t call session_destroy() when the user closes his or her browser. That would work, to delete the files upon the user ending a session, but it’s not possible to code.
If the user clicks log out though then the session file will be removed from that folder… it’s just users dont always log out. And it doesn’t solve the problem for guests who don’t have accounts to log out of.
For PHP’s garbage collector to clean up, PHP needs to run constantly. That means you need to have users hitting the pages over and over again. PHP cannot clean up if it doesn’t run.
I would just use a load testing benchmark which simulates multiple users hitting the site. Or manually clean it up on the dev server every so often.
One way around the problem if the garbage collection doesn’t seem to work is to migrate the session storage over to storing sessions and have a cron job set up to delete a row in the session table if the current date and time is later then the expires date and time.
Can you please elaborate on this or post a link? This sounds great.[/QUOTE]
Storing sessions in a text file is only php’s default behaviour, you can change this to store them wherever you want, such as in a database or in memory, with session_set_save_handler().
Sorry. What I meant was: I use PHP to set sessions when a user visits the site. So PHP is what is being run to make them. So doesn’t that mean PHP has constantly been running?
The moment the page hits the browser PHP is no longer running for that user. Also the GC_Probability that the GC will run is 1 in 1000th, that is 0.01% of the time by default settings. See the link I posted above.
Not in the current php.ini files that are shipped with PHP. In both “Production” and “Development” php.ini files set the divisor to 1000. Anyone using those get the default value of 1000.
; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
session.gc_divisor = 1000
