Confused about sessions (using MAMP)

Hey guys,

On all my pages I use session_start() to initialize a session with the user. Every time a session is started, a new file is added to the MAMP/tmp/php/ directory with the session info for the user. I only use session_destroy() when the user clicks log out.

So I tested it and visited my site. A file is created. Now I close my browser, but the session file still remains in the folder. Can this get troublesome? At one point I had thousands of old, empty session files. Do I need to use some sort of script to clean up this folder every day or two?

As I know, session file will be auto cleaned up. Take a look at php.ini and configure for session variable.

PHP’s internal garbage collection mechanism will take care of those files for you. :slight_smile:

Do you know how often it runs its cleaning process? Because it still had thousands of files in it after a few weeks. Maybe the cleanup process is disabled? Is that in the php.ini file?

There are some configuration options here: PHP: Runtime Configuration - Manual


there are currently 21,000+ session files in my /Applications/MAMP/tmp/php folder.
How can I guarantee that this doesn’t accumulate so heavily? I have tried your advice in the links, but it’s been about 20 days and the files have not been cleaned up automatically obviously.

Maybe it’s my PHP code? But I can’t call session_destroy() when the user closes his or her browser. That would work, to delete the files upon the user ending a session, but it’s not possible to code.

If the user clicks log out though then the session file will be removed from that folder… it’s just users dont always log out. And it doesn’t solve the problem for guests who don’t have accounts to log out of.

For PHP’s garbage collector to clean up, PHP needs to run constantly. That means you need to have users hitting the pages over and over again. PHP cannot clean up if it doesn’t run.

I would just use a load testing benchmark which simulates multiple users hitting the site. Or manually clean it up on the dev server every so often.

One way around the problem if the garbage collection doesn’t seem to work is to migrate the session storage over to storing sessions and have a cron job set up to delete a row in the session table if the current date and time is later then the expires date and time.

Well if there are 25,000 session files from the last 20 days then that means people have been hitting the page! doesn’t it?

Can you please elaborate on this or post a link? This sounds great.

No. It doesn’t mean that at all. It just means 25,000 session files were created in 20 days.
See Session configuration details on Garbage Collection:

Can you please elaborate on this or post a link? This sounds great.[/QUOTE]

Storing sessions in a text file is only php’s default behaviour, you can change this to store them wherever you want, such as in a database or in memory, with session_set_save_handler().

Check out Chris Shiflett’s article on storing sessions in a database. It’s pretty old, but still a good starting point.

Sorry. What I meant was: I use PHP to set sessions when a user visits the site. So PHP is what is being run to make them. So doesn’t that mean PHP has constantly been running?

The moment the page hits the browser PHP is no longer running for that user. Also the GC_Probability that the GC will run is 1 in 1000th, that is 0.01% of the time by default settings. See the link I posted above.

Okay thank you very much for clearing that up. This makes more sense to me now. What would you recommend as a good probability setting? :slight_smile:

Default settings are 1 for session.gc_probability and 100 for session.gc_divisor

1/100 = 1%

Not in the current php.ini files that are shipped with PHP. In both “Production” and “Development” php.ini files set the divisor to 1000. Anyone using those get the default value of 1000.

; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
session.gc_divisor = 1000