February 12th, 2013, 08:13 AM
Since you're no longer storing sessions in the operating system's temporary directory, you may have to set up your own session save handler which does the garbage collection for you and deletes old session files.
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.
February 13th, 2013, 12:04 AM
Thank you for the much needed help!
I have a question though. When I read the PHP manual for session_save_handler, I found the following sentence in it.
"The garbage collector callback is invoked internally by PHP periodically in order to purge old session data. "
What does it mean? Does the gc (garbage collection) happen automatically anyway? What is the frequency of automatic gc callback? Would it be absolutely necessary to use session_save_handler if it is automatic? Noticed the word 'may' in your reply, that's why I am asking.
Thanks in advance for your reply!
February 13th, 2013, 04:06 AM
The garbage collector does run automatically (specified in the php.ini by session.gc_maxlifetime, session.gc_probability and session.gc_divisor):
Originally Posted by mozart66
However, since you changed the save path, ManiacDan assumed that you might have to define your own session routine. But I tested it on my local server, and it's not necessary. The sessions get deleted like they should.
What's the return value of session_destroy when you call it?
Note that currently you do not delete the session cookie. So even when you delete the session file, it will be recreated (empty) as soon as you call session_start again for that user -- which is a security risk. Delete the cookie (see the manual page on session_destroy) and call session_regenerate_id when a user logs in.
February 13th, 2013, 06:00 AM
When session_destroy() is being called in my log out script, no $_SESSION data can be seen (used var_dump for $_SESSION) before or after the session_destroy() as there is session_unset() before session_destroy() in my script. In my log out script none of the session variables get printed when I try var_dump or even echo. Though for session_destroy() to work, I do have session_start() in the beginning of the script.
Originally Posted by Jacques1
February 13th, 2013, 06:12 AM
We need to know the return value of session_destroy():
The content of $_SESSION tells you nothing about whether or not the session file exists. Focus on session_destroy() and check if it works (i. e. deletes the session file).
$destroy_retval = session_destroy();
echo 'session_destroy: ' . ($destroy_retval ? 'true' : 'false');
February 13th, 2013, 06:27 AM
the session file is getting deleted after the log out!!
February 13th, 2013, 06:30 AM
February 13th, 2013, 06:39 AM
YES!! Thank you! That's exactly what I was looking for! For the session file to be completely removed after the logout! The new session directory on the web server has read / write / execution permissions and there is another person from client's end besides me who has access to it from outside. If he / she accidentally gets into this directory and without realizing plays with it, there could be problems and that was the reason I wanted the session files to be deleted and not just the session variables to be unset. Looks like what I am currently doing is giving me the required results!
Thank you once again!