Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Check if PHP session_id is in use

Tags:

php

sessionid

I am building a web-app that users can upload certain files and work on them through the web-app interface. I need to store these files for the length of a users session. I am creating a folder for each user using the session_id as the folder name and storing the files in there.

The problem: There is nothing to indicate that a user walked away from my site and the session is going out of use. I need a cleanup script that takes the name of each folder and checks if that session_id is still active in order to delete unused and now unreachable folders. How can I do this?

like image 916
Baruch Avatar asked Jun 01 '11 19:06

Baruch


People also ask

How do you check if PHP session is working?

session_status() is used to return the current session status.

How can I check if my session ID is valid?

Therefore, to validate the session ID we need to create a regular expression that looks for the correct set of characters of the expected length. As far as I can tell, we can't use session_id() as we haven't started the session yet, however as the session is just a cookie at the HTTP level, we can use $_COOKIE instead.

Can PHP track user sessions?

PHP allows us to track each visitor via a unique session ID which can be used to correlate data between connections. This id is a random string sent to the user when a session is created and is stored within the user's browser in a cookie (by default called PHPSESSID).

Why session_start () is used in PHP?

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.


1 Answers

I have had precisely the same issue. My solution was to check for the session file:

<?php
// clean-up script.  Get cron/windows task scheduler to run this every hour or so

// this is the path where PHP saves session files
$session_path = ini_get('session.save_path');

// this is the directory where you have created your folders that named after the session_id:
$session_files_dir = '/path/to/your/save/dir';

// loop through all sub-directories in the above folder to get all session ids with saved files:

if ($handle = opendir($session_files_dir)) {

    while (false !== ($file = readdir($handle))) {

        // ignore the pseudo-entries:
        if ($file != '.' && $file != '..') {

            // check whether php has cleaned up the session file
            if (  file_exists("$session_path/sess_$file")  ) {
                // session is still alive
            } else {
                // session has expired
                // do your own garbage collection here
            }

        }
    }

    closedir($handle);
}

?>

Note that this assumes that the session.save_handler ini setting is set to "files", the session.save_path setting does not have the directory-level prefix (i.e. does not match regex /^\d+;/ ) and that php's automatic session garbage collection is enabled. If either of the above assumptions are not true then you should be implementing manual session garbage collection anyway, so can add your clean-up code to that.

This also assumes that the only files in $session_files_dir are your per-session folders and they are all named after their associated session_id.

like image 120
daiscog Avatar answered Sep 30 '22 20:09

daiscog