Home / server / Questions / 138214
In Process
GetFree
Asked: 2010-05-04 15:21:37 +0800 CST

Are PHP session files ever deleted?

  • 772

I see there are thousands of files in my "/tmp" directory (a CentOS machine) and almost all of them are PHP session files.
I'm worried about the possible impact this might have on my system.
Are those files ever deleted either by the OS, Apache or PHP? or I have to take care of it myself?

linux php apache-2.2 web-server

4 Answers

  1. They should be deleted by the PHP garbage collector. The frequency is controlled by the session.gc_maxlifetime setting in php.ini. Possibly if this is not kicking in you have other problems.

    • 9

  2. On default Debian and Ubuntu, the sessions are cleaned up by cron /etc/cron.d/php5

    # Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete

    where /usr/lib/php5/maxlifetime gives lifetime in minutes as set in session.gc_maxlifetime.

    • 7

  3. Also at reboot - as /tmp is always cleared out on reboot.

    • 2

  4. You could setup a cron script to clean them up automatically. It's generally a good idea to test for creation date older than what the life of cookies is set up to be on your system.

    Limiting cookie life is done thusly (must be done before script outputs anything):

    <?php
session_name('my_site_name');
session_set_cookie_params(1209600); # max cookie age of 14 days
# send cookie headers
session_start();
?>

    Then, in your cleanup script:

    #!/bin/sh
find /tmp -maxdepth 1 -type f -name 'php_session_file_prefix*' -ctime +15 -exec rm -f {} \;

    Then, in your crontab:

    # Run daily cron jobs at 03:40 every day
40 3 * * * /path/to/php-session-cleanup.sh
    • 1