I am building a web-app that users can upload certain files and work on them through the web-app interface. I need to store these files for the length of a users session. I am creating a folder for each user using the session_id
as the folder name and storing the files in there.
The problem: There is nothing to indicate that a user walked away from my site and the session is going out of use. I need a cleanup script that takes the name of each folder and checks if that session_id
is still active in order to delete unused and now unreachable folders. How can I do this?
session_status() is used to return the current session status.
Therefore, to validate the session ID we need to create a regular expression that looks for the correct set of characters of the expected length. As far as I can tell, we can't use session_id() as we haven't started the session yet, however as the session is just a cookie at the HTTP level, we can use $_COOKIE instead.
PHP allows us to track each visitor via a unique session ID which can be used to correlate data between connections. This id is a random string sent to the user when a session is created and is stored within the user's browser in a cookie (by default called PHPSESSID).
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
I have had precisely the same issue. My solution was to check for the session file:
<?php
// clean-up script. Get cron/windows task scheduler to run this every hour or so
// this is the path where PHP saves session files
$session_path = ini_get('session.save_path');
// this is the directory where you have created your folders that named after the session_id:
$session_files_dir = '/path/to/your/save/dir';
// loop through all sub-directories in the above folder to get all session ids with saved files:
if ($handle = opendir($session_files_dir)) {
while (false !== ($file = readdir($handle))) {
// ignore the pseudo-entries:
if ($file != '.' && $file != '..') {
// check whether php has cleaned up the session file
if ( file_exists("$session_path/sess_$file") ) {
// session is still alive
} else {
// session has expired
// do your own garbage collection here
}
}
}
closedir($handle);
}
?>
Note that this assumes that the session.save_handler
ini setting is set to "files"
, the session.save_path
setting does not have the directory-level prefix (i.e. does not match regex /^\d+;/
) and that php's automatic session garbage collection is enabled. If either of the above assumptions are not true then you should be implementing manual session garbage collection anyway, so can add your clean-up code to that.
This also assumes that the only files in $session_files_dir
are your per-session folders and they are all named after their associated session_id.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With