I am building a online ticket booking site . In this I am doing the following things : The user searches the bus with their seat numbers . The database is updated with the seat numbers with temp_seat_book = 'Y'
. If he books the ticket paying money his status will be updated to final_ticket_book = 'Y'
. Now I want to delete the field whose temp_seat_book = 'Y'
but
final_ticket_book = 'N'
. For this I need to delete the session_ids which is more than 10minutes old and final_ticket_book = 'N'
. So how I can implement the background job?
Destroying a PHP Session A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
session_destroy() function: It destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. session_unset() function: It deletes only the variables from session and session still exists. Only data is truncated.
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. Note: You do not have to call session_destroy() from usual code.
Instead of doing a search for files (which involves more i/o ) etc,
What is a session cookie: Session Cookie
A better way is to store a time stamp of the 'most recent activity' in the $_SESSION variable.
And updating the session data on every request (including the automated periodic ajax calls if any).
Lets say you want to unset the session after 10 minutes,
if (isset($_SESSION['most_recent_activity']) &&
(time() - $_SESSION['most_recent_activity'] > 600)) {
//600 seconds = 10 minutes
session_destroy();
session_unset();
}
$_SESSION['most_recent_activity'] = time(); // the start of the session.
To avoid attacks like Session fixation: (Session Fixation is an attack that permits an attacker to hijack a valid user session) keep regenerating the session id periodically say for 5 mins (I would suggest to keep the regeneration time as well as session expire time a bit more). A more elaborate list of attacks: attack list.
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
}
else if (time() - $_SESSION['CREATED'] > 600) {
session_regenerate_id(true);
$_SESSION['CREATED'] = time();
}
Also, make sure session.gc-maxlifetime
is set to the maximum expire time you want to use.
You can do this
ini_set('session.gc-maxlifetime', 600)
Or
Set it directly in your php.ini.
and also
session.cookie_lifetime :
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.
But, destroying the session must be taken care at the server-side and not the client-side. Setting the session.cookie_lifetime set to 0 would make the session’s cookie behave the way a session cookie should i.e. that a session cookie is only valid until the browser is closed.
Although this method is a tad tedious, Its more elegant.
Ah, found the link which I had read a long time ago! : How do I expire a PHP session after 30 minutes?
Standard PHP sessions are stored in files. You could implement a simple shell script to find any session file which hasn't been touched in 10 minutes:
find /path/to/session/dir/* -mmin -10
grep can be used to find the session files which have a final_ticket_book='N' value stored in them:
grep -l 's:17:"final_ticket_book";s:1:"N";'
(the -l flags has grep spit out the names of the files which match).
Combining the two gives you:
find /path/to/session/dir -mmin -10|xargs grep -l 's:17:"final_ticket_book";s:1:"N";'|xargs rm -f
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With