Session garbage collection query

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Mickey
    #1

    Session garbage collection query

    Hi,

    I just have a couple of questions regarding sessions. I read the php
    manual but I just wasn't clear on a couple of things.

    I am using the following to control my sessions:
    ...
    ini_set('sessio n.save_path',"./sessions/sess/");
    ini_set("sessio n.gc_maxlifetim e","300");
    ini_set('sessio n.gc_probabilit y',1);
    ini_set('sessio n.gc_divisor',1 );
    ...

    I want the garbage collector to kill a users session the second a user
    closes their browser (or as quick as possible). Am I doing correct
    above ^ to achieve this?

    Also, are there any security issues with having the 'session.save_p ath'
    set to a directory like above or should I perhaps have it set to
    somewhere like "../../sessions/sess/"?

    Thanks in advance!

    Tags: None
    • rehevkor5
      #2
      Re: Session garbage collection query

      Although what you wrote looks ok to me, the only way to be sure is to
      do some testing, and actually watch the server create and destroy the
      session files. That way you will be sure it is behaving the way you
      want it to. You can use a browser like Firefox to look at the session
      id in the cookie created by your site to pair up a browser session with
      a session file on the server (it will be named with the session id).

      Also, I'm not so sure about that session.save_pa th. Seems to me that
      should be an absolute path, starting from a drive letter in Windows or
      root in *nix.


      Mickey wrote:
      Hi,
      >
      I just have a couple of questions regarding sessions. I read the php
      manual but I just wasn't clear on a couple of things.
      >
      I am using the following to control my sessions:
      ..
      ini_set('sessio n.save_path',"./sessions/sess/");
      ini_set("sessio n.gc_maxlifetim e","300");
      ini_set('sessio n.gc_probabilit y',1);
      ini_set('sessio n.gc_divisor',1 );
      ..
      >
      I want the garbage collector to kill a users session the second a user
      closes their browser (or as quick as possible). Am I doing correct
      above ^ to achieve this?
      >
      Also, are there any security issues with having the 'session.save_p ath'
      set to a directory like above or should I perhaps have it set to
      somewhere like "../../sessions/sess/"?
      >
      Thanks in advance!

        Comment

        • Jerry Stuckle
          #3
          Re: Session garbage collection query

          Mickey wrote:
          Hi,
          >
          I just have a couple of questions regarding sessions. I read the php
          manual but I just wasn't clear on a couple of things.
          >
          I am using the following to control my sessions:
          ..
          ini_set('sessio n.save_path',"./sessions/sess/");
          ini_set("sessio n.gc_maxlifetim e","300");
          ini_set('sessio n.gc_probabilit y',1);
          ini_set('sessio n.gc_divisor',1 );
          ..
          >
          I want the garbage collector to kill a users session the second a user
          closes their browser (or as quick as possible). Am I doing correct
          above ^ to achieve this?
          >
          Also, are there any security issues with having the 'session.save_p ath'
          set to a directory like above or should I perhaps have it set to
          somewhere like "../../sessions/sess/"?
          >
          Thanks in advance!
          >
          You can't do it. Your system gets no notification when the client
          closes their browser.

          About all you can do is set a timeout long enough that an active user
          doesn't get frustrated, but short enough that the sessions don't hang
          around forever.

          --
          =============== ===
          Remove the "x" from my email address
          Jerry Stuckle
          JDS Computer Training Corp.
          jstucklex@attgl obal.net
          =============== ===

            Comment

            Previous template Next
            Working...