Home/ Questions/Q 7844085
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T16:46:07+00:00

I am new at PHP and even newer with PHP Sessions, but have been

  • 0

I am new at PHP and even newer with PHP Sessions, but have been reading a lot about it; however, I haven’t been able to find the answer to my problem. Here is a simplified version:
1 – user types in a name in a form on a page
2 – a php file gets the name, starts a session and creates a directory on the server for the user with some customized files that the user can view.

Here is the question:
Since this is not a true login mechanism there won’t be a logout or session timeout and I don’t want to impose a timeout. So as long as s/he has the browser page open the directory that was created for the user on the server should be still accessible. How do I know when the browser is closed and user is not using the session anymore so I can delete the custom directory on the server? Is there anything related to the session file that is on the server that can be used: for example, if the garbage collection cleans the session and it doesn’t exist anymore then I could run a script to detect that and delete the directory associated with the deleted session.

What is not clear to me is what happens to sessions on the server if session_destroy() is never called.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since this is not a true login mechanism there won’t be a logout or session timeout and I don’t want to impose a timeout.

    Actually – it is a true login mechanism – you have a user perform a login by “entering name on form” – then they are logged in. It is just different to a username.

    You just dont have a “logout” mechanism.

    You can not rely on a browser to tell you when it is closed, leaving etc – it is unreliable and will not work. Therefore – your best (and only real) solution is to check server side for the state of the session. Just create a CRON job that runs a php file every 15mins or so. Each time the php file is run – it checks all sessions for their last activity time. If the last activity time is longer than the timeout limit, then run your cleanup.

    I know you said you dont want to “impose a timeout” – but you’ll going to have to draw a line in the sand somewhere, and say “hey, if my users are inactive for X mins (or even X hours) – then it is safe to assume they have left and are not coming back!”. Just set a really high threshold.

    • 0