Are PHP session files ever deleted?
Solution 1
They should be deleted by the PHP garbage collector. The frequency is controlled by the session.gc_maxlifetime
setting in php.ini. Possibly if this is not kicking in you have other problems.
Solution 2
On default Debian and Ubuntu, the sessions are cleaned up by cron /etc/cron.d/php5
# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete
where /usr/lib/php5/maxlifetime
gives lifetime in minutes as set in session.gc_maxlifetime
.
Solution 3
Also at reboot - as /tmp is always cleared out on reboot.
Solution 4
You could setup a cron script to clean them up automatically. It's generally a good idea to test for creation date older than what the life of cookies is set up to be on your system.
Limiting cookie life is done thusly (must be done before script outputs anything):
<?php
session_name('my_site_name');
session_set_cookie_params(1209600); # max cookie age of 14 days
# send cookie headers
session_start();
?>
Then, in your cleanup script:
#!/bin/sh
find /tmp -maxdepth 1 -type f -name 'php_session_file_prefix*' -ctime +15 -exec rm -f {} \;
Then, in your crontab:
# Run daily cron jobs at 03:40 every day
40 3 * * * /path/to/php-session-cleanup.sh
Related videos on Youtube
GetFree
Updated on September 17, 2022Comments
-
GetFree over 1 year
I see there are thousands of files in my "/tmp" directory (a CentOS machine) and almost all of them are PHP session files.
I'm worried about the possible impact this might have on my system.
Are those files ever deleted either by the OS, Apache or PHP? or I have to take care of it myself?-
GetFree about 14 years@Zoredache, For that I would need to write a session handler which uses mysql. Plus, that would put extra loading on the DB which is already very loaded. I dont know if the impact on performance would be good.
-
Karoly Horvath almost 12 yearsdo you see old files?
-
kojiro over 10 years@GetFree well, you wouldn't need to write one. There are existing session handlers for memcached, mysql, redis, postgres, msession, and many more.
-
-
GetFree about 14 yearsBut garbage collection exits from PHP 5.3 on. What about older versions?
-
dunxd over 12 yearsIf your question is specific to a particular version of PHP, then you need to state this in your question.
-
johannes over 12 years"garbage collection" is used in different ways for different things. The session garbage collection exists since PHP 4.0 (which introduced the session module). What's new in 5.3 is the memory garbage collection for cleaning up cyclic references of PHP variables where the reference counting mechanism keeps them alive till request end. php.net/gc vs. php.net/session.gc-probability
-
kojiro over 10 yearsActually, whether it is or not depends on how your system is configured.
-
AndreyP about 3 yearsIn Ubuntu 20 the sessions are cleaned up by calling script
/usr/lib/php/sessionclean
in cron/etc/cron.d/php5