When user closes the browser and the session gets killed, I need to update my database of current users. So I have set up a simple cron job that deletes the row.
DELETE FROM visit WHERE unix_timestamp(time)<unix_timestamp(now()-600) and sessionid <>(LIST OF SESSIONS ..need help)
I can get the session files thanks to this code provided here on StackOverflow(thanks)
$sessions = array();
$path = realpath(session_save_path());
$files = array_diff(scandir($path), array('.', '..'));
foreach ($files as $file)
{
$sessions[$file] = unserialize(file_get_contents($path . '/' . $file));
}
echo '<pre>';
print_r($sessions);
echo '</pre>';
My question is are those files returned by the second half of the code the list of active sessions? Basically I’m trying to verify that all the rows that will be deleted will contain sessions that are not part of the “ACTIVE’ list supposedly returned by unserialize(file_get_contents($path . ‘/’ . $file));
I have read that another approach would be to check the last activity timestamp (if it’s greater than say 10 minutes). But I don’t know how to record “last activities’ onto the database.
Thanks
Whoa!
Reference counting is not a good way to keep track of sessions – particularly if the sessions are stored in a completely separate substrate. Trying to maintain a list of the active sessions seperate from the active session list is a redundancy.
I’d start again. Use a db-bound session handler. It’s up to you if you allow sessions older than gc_maxlifetime to be reloaded (default handler does allow this).
Then (e.g. treating expired sessions as no longer active):
As per above, that depends on your definition of active. Some of these will be older than gc_maxlifetime – but (using the default handler) will still be usable.
If you’re not bothered about reuse of stale sessions/reuse of the same login details, counting the files in session_save_path() will probably be faster – but the DB approach is more accurate and flexible.