So let’s say user did something on my website, for example uploaded some images or whatever, and he left without logging out and never came back or let’s say he did come back after few months.
So my question would be, is there some kind of way for example to delete his uploaded files after session have expired, let’s say after 30 mins (keep in mind that user never reloaded page), so that would need to run entirely on server side without user interfering at all.
EDIT Thank you all for your wonderful answers, it gave me quite a few great ideas, i wish i could accept all of your answers 🙂
One way would be to call
and iterate over all saved session file, unserialze each and check them for the specified timeout property.
Unfortunately, you need to scan the whole directory to find all session files, which are older than a defined period of time. You’d use
start()to figure out the age of a session file.On a well-maintained server, each virtual host should have a separate directory for its session data. A not-so-well-maintained might store all sessions in a unified shared directory. Therefore, ensure that you don’t read or delete other virtual hosts’ session data.
Better Approach using a database
Therefore I propose to save session data to your application’s backend database. Using SQL, it would be trivial to find all outdated session files.
The documentation for
session_set_save_handler()provides a sample, which explains this whole process quite nicely based on objects.