cleanup php session files
PhpSessionPhp Problem Overview
On my website I use PHP sessions. Session information is stored in files in my ./session path. After a few months I discovered that these session files are never deleted, by now there are 145.000 of them in this directory.
How should these be cleaned up? Do I have to do it programmatically, or is ther a setting I can use somewhere that would have this cleanup happen automatically?
EDIT forgot to mention: This site runs at a provider, so I don't have access to a command line. I do have ftp-access, but the session files belong to another user (the one the webserver proces runs I guess) From the first answers I got I think it's not just a setting on the server or PHP, so I guess I'll have to implement something for it in PHP, and call that periodically from a browser (maybe from a cron job running on my own machine at home)
Php Solutions
Solution 1 - Php
To handle session properly, take a look at http://php.net/manual/en/session.configuration.php.
There you'll find these variables:
- session.gc_probability
- session.gc_divisor
- session.gc_maxlifetime
These control the garbage collector (GC) probability of running with each page request.
You could set those with ini_set() at the beginning of your script or .htaccess file so you get certainty to some extent they will get deleted sometime.
Solution 2 - Php
Debian/Ubuntu handles this with a cronjob defined in /etc/cron.d/php5
# /etc/cron.d/php5: crontab fragment for php5
# This purges session files older than X, where X is defined in seconds
# as the largest value of session.gc_maxlifetime from all your php.ini
# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm
The maxlifetime script simply returns the number of minutes a session should be kept alive by checking php.ini, it looks like this
#!/bin/sh -e
max=1440
for ini in /etc/php5/*/php.ini; do
cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true);
[ -z "$cur" ] && cur=0
[ "$cur" -gt "$max" ] && max=$cur
done
echo $(($max/60))
exit 0
Solution 3 - Php
In case someone want's to do this with a cronjob, please keep in mind that this:
find .session/ -atime +7 -exec rm {} \;
is really slow, when having a lot of files.
Consider using this instead:
find .session/ -atime +7 | xargs -r rm
In Case you have spaces in you file names use this:
find .session/ -atime +7 -print0 | xargs -0 -r rm
xargs
will fill up the commandline with files to be deleted, then run the rm
command a lot lesser than -exec rm {} \;
, which will call the rm
command for each file.
Just my two cents
Solution 4 - Php
cd to sessions directory and then:
-
View sessions older than 40 min:
find . -amin +40 -exec stat -c "%n %y" {} \;
-
Remove sessions older than 40 min:
find . -amin +40 -exec rm {} \;
Solution 5 - Php
Use cron with find to delete files older than given threshold. For example to delete files that haven't been accessed for at least a week.
find .session/ -atime +7 -exec rm {} \;
Solution 6 - Php
You can create script /etc/cron.hourly/php and put there:
#!/bin/bash
max=24
tmpdir=/tmp
nice find ${tmpdir} -type f -name 'sess_*' -mmin +${max} -delete
Then make the script executable (chmod +x).
Now every hour will be deleted all session files with data modified more than 24 minutes ago.
Solution 7 - Php
# Every 30 minutes, not on the hour<br>
# Grabs maxlifetime directly from \`php -i\`<br>
# doesn't care if /var/lib/php5 exists, errs go to /dev/null<br>
09,39 * * * * find /var/lib/php5/ -type f -cmin +$(echo "\`php -i|grep -i session.gc_maxlifetime|cut -d' ' -f3\` / 60" | bc) -exec rm -f {} \\; >/dev/null 2>&1
The Breakdown:
Only files: find /var/lib/php5/ -type f
Older than minutes: -cmin
Get php settings: $(echo "`php -i|grep -i session.gc_maxlifetime
Do the math: |cut -d' ' -f3` / 60" | bc)
RM matching files: -exec rm -f {} \;
Solution 8 - Php
My best guess would be that you are on a shared server and the session files are mixed along all users so you can't, nor you should, delete them. What you can do, if you are worried about scaling and/or your users session privacy, is to move sessions to the database.
Start writing that Cookie to the database and you've got a long way towards scaling you app across multiple servers when time is due.
Apart from that I would not worry much with the 145.000 files.
Solution 9 - Php
Use below cron:
39 20 * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm