Are PHP session files ever deleted?

They should be deleted by the PHP garbage collector. The frequency is controlled by the session.gc_maxlifetime setting in php.ini. Possibly if this is not kicking in you have other problems.


On default Debian and Ubuntu, the sessions are cleaned up by cron /etc/cron.d/php5:

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete

where /usr/lib/php5/maxlifetime gives the lifetime in minutes as set in session.gc_maxlifetime.


Also at reboot - as /tmp is always cleared out on reboot.


You could set up a cron script to clean them up automatically. It's generally a good idea to test for creation date older than what the life of cookies is set up to be on your system.

Limiting cookie life is done thusly (must be done before script outputs anything):

<?php
session_name('my_site_name');
session_set_cookie_params(1209600); # max cookie age of 14 days
# send cookie headers
session_start();
?>

Then, in your cleanup script:

#!/bin/sh
find /tmp -maxdepth 1 -type f -name 'php_session_file_prefix*' -ctime +15 -exec rm -f {} \;

Then, in your crontab:

# Run daily cron jobs at 03:40 every day
40 3 * * * /path/to/php-session-cleanup.sh
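
The cron-based cleanup described in the answers above, written as a reusable shell function (an added example, not code from any of the answers). It assumes session files carry PHP's default `sess_` prefix and selects by modification time (`-mmin`) instead of `-cmin`; the function name `purge_sessions` and the demo files are made up for illustration.

```shell
#!/bin/sh
# Added example: purge stale PHP session files from one directory.
# Usage: purge_sessions DIR LIFETIME_SECONDS
# Prints the number of files deleted; returns 2 on bad arguments.
purge_sessions() {
    dir=$1
    lifetime=$2

    # Only operate on a real directory. A symlinked path could point the
    # delete at a location the caller never meant to clean.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 2

    # The lifetime must be a positive integer number of seconds.
    case $lifetime in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$lifetime" -gt 0 ] || return 2

    # find works in minutes here, so round the seconds up to whole minutes.
    minutes=$(( (lifetime + 59) / 60 ))

    # -maxdepth 1 : never descend into subdirectories
    # -type f     : regular files only (skips directories and symlinks)
    # -name sess_*: assumed default prefix, leaves unrelated files alone
    # One "x" line is printed per deleted file so wc can count them.
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin "+$minutes" \
        -exec rm -f {} \; -exec printf 'x\n' \; | wc -l | tr -d ' '
}

# Constructed demo data: one stale session, one fresh session, and one
# old file that is not a session file.
demo_dir=$(mktemp -d)
touch -t 200001010000 "$demo_dir/sess_stale" "$demo_dir/unrelated_old"
touch "$demo_dir/sess_fresh"

# 1440 seconds is PHP's default session.gc_maxlifetime.
echo "deleted: $(purge_sessions "$demo_dir" 1440)"
ls "$demo_dir"
rm -rf "$demo_dir"
```

Stale session files keep an old session ID usable on the server side for as long as they exist, so the lifetime passed here should match the one the application actually intends.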