Why does Debian's PHP sessionclean script touch all open files first?

Session files that are older than the maximum lifetime, at the time the find command evaluates them, will be deleted.

Files are updated at the latest when the PHP script finishes execution. However, perhaps it is not really fair to kill a session for being idle while it is executing. Thus, the touch updates the modify time on session files which have a PHP process currently executing.

Yes, there is a race condition of a PHP process starting after the touch, resuming a too-old session, and getting deleted because it did not finish before the find did garbage collection. The session already existed for its full lifetime, probably several minutes. Missing an extension in a fraction of a second window isn't a big deal.

The alternative, PHP's built-in implementation, has a 1% or so chance of running garbage collection on execution. For low-volume sites, it might not trigger reliably.

Plus, the external script allows locking down the security on the session directory, which is why Debian maintainers did it that way.
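
The touch-then-find order described in this answer, as an added sketch that is not Debian's actual sessionclean script and not part of the original answer. It assumes Linux `/proc`, PHP's default `sess_` file prefix, and expiry judged on modify time; the function names are hypothetical.

```shell
#!/bin/sh
# Simplified sketch of a touch-then-find session cleaner (not Debian's script).
# Assumptions: Linux /proc is mounted, session files are named sess_*.

# Print every sess_* file directly under $1 that a process holds open now.
open_session_files() {
    real_dir=$(cd "$1" && pwd -P) || return 1
    for fd in /proc/[0-9]*/fd/*; do
        # Descriptors of processes we may not inspect simply fail here.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            "$real_dir"/sess_*)
                # Skips "(deleted)" entries and anything that is not a file.
                if [ -f "$target" ]; then printf '%s\n' "$target"; fi ;;
        esac
    done | sort -u
}

# sessionclean_sketch DIR MAX_LIFETIME_MINUTES
sessionclean_sketch() {
    sess_dir=$1
    max_minutes=$2
    # Step 1: refresh the mtime of sessions that are in use right now, so a
    # long-running request does not count as idle time.
    open_session_files "$sess_dir" | while IFS= read -r f; do
        touch -c -- "$f"
    done
    # Step 2: delete whatever is still older than the maximum lifetime.
    # A process that opens an expired session between step 1 and step 2
    # is the small race window the answer mentions.
    find "$sess_dir" -mindepth 1 -maxdepth 1 -type f -name 'sess_*' \
        -mmin "+$max_minutes" -delete
}
```

Because the cleaner runs as its own job, the session directory does not have to be listable by the PHP processes themselves for expiry to work.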