Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

delete session after session destroy

Posted on 2005-04-14
35
Medium Priority
?
823 Views
Last Modified: 2013-12-12
Since I am saving the session data to another directory, so it won't be overwritten by other session changes happening on a SHARED Linux hosting server, now that I have gotten the sessions to save in another directory, all is fine, until I destroy the session.  Then I get an error, session exists, but is destroyed.

I now need a way to remove the session from the cache in the directory -- sessions.

Thanks
0
Comment
Question by:sciwriter
  • 14
  • 12
  • 9
35 Comments
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787099
It will work the same, b/c php knows where it is.

session_start();
$_SESSION = array();
session_destroy();

What's the error message?
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787222
"Warning: Invalid argument supplied for foreach() in /home/site/public_html/cart.php on line 81"
Which is merely --  foreach($_SESSION['divs'] as $key => $val)
which simply goes through the Keys and prints out the values in the session.

Now I qualified that foreach() loop with --
if (array_key_exists('divs', $_SESSION) and is_array($_SESSION['divs']))

And it is not working, because the session still does exist -- the session destroy() did not remove the Session ID from the directory, all it does is delete the data from the session, not remove the ID -- they are just accumulating and never actually getting deleted in the sessions directory.....

I think it's just a simple matter of -- delete session_ID(session_ID)  or something like that, but I don't know
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787228
The destroy code is --

 if ($edit =='Delete All')
 {  $_SESSION = array();
  session_destroy();
  }
perhaps it is missing something?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:peyox
ID: 13787310
I found this on php.net (by thomas at uninet dot se), hope this helps:

--- quote ---
I did encounter a minor problem when I tried to remove the physical file that stores the session. The problem was that my working directory wasn't on the same drive as my PHP installation (yes, I used Windows).

So I used the PHP_BINDIR to start at the same place as PHP does and then change directory to the place that was specified in PHP.INI. This makes it transparent to relative paths in session.save_path.

<?php
function DeleteSessionID($sessionid) {
  $orgpath = getcwd();
  chdir(PHP_BINDIR);
  chdir(session_save_path());
  $path = realpath(getcwd()).'/';
  if(file_exists($path.'sess_'.$sessionid)) {
   // Delete it here
   unlink($path.'sess_'.$sessionid);
  } else {
   // File not found
  }
  chdir($orgpath);
}

?>

The final chdir($orgpath) is just to restore the working directory as it were before .
--- end quote ---
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787390
So if you run this code:

<?php
ini_set('session.save_path','sessions');
session_start();
echo session_id();
$_SESSION = array();
session_destroy();
?>

The file "sessions/sess_session_id" is still present?
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787451
Guys, session files are NOT deleted after calling session_destroy. It is to be cleaned up internally, from time to time by PHP core.

There are two settings (in php.ini) wich are directly related to this:
1) session.gc_probability
2) session.gc_divisor

These two determine the probability of clean up session files after page request.

By default they are set to:
session.gc_probability = 1
session.gc_divisor = 1000

which means that PHP will trigger session clean up once every 1000 page requests (1/1000).

If you can set them like this:
session.gc_probability = 1000
session.gc_divisor = 1000

then PHP will trigger garbage collector after every scripit execution - which is equal to ALWAYS.

I understand that you are using shared host, but you still have an option to manipulate settings in php.ini by using ini_set(), for example:

ini_set('session.gc_probability','1000');
ini_set('session.gc_divisor ,'1000');

just remember to include these two lines at the begining of each file using sessions, even before session_start()

For testing purposes you may also want to decrease session life time, to see if it works, by calling:
ini_set('session.gc_maxlifetime', '10'); // sets session life time to 10 seconds



0
 
LVL 11

Accepted Solution

by:
matt_mcswain earned 1200 total points
ID: 13787488
>>session files are NOT deleted after calling session_destroy.
Sorry, but they are.
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787627
OK I think you two guys are heading in the right direction.  Both session IDs still exist in the directory --

public_html / sessions  -- the one I made yesterday of 27 hr duration (now expired)
and the one I made today of only 2 hour duration.

As I said, session_destroy() kills the data in the session, but does not seem to delete the long file itself (i.e. the session name, about 25 numbers long).

This could be because I did NOT set some path up front to tell it where to delete them?

Peyox -- I have NO access to PHP.INI on this site, it is shared hosting !!!!
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787635
AHA!!!  The unlink command -- that is it !!!  
I remember reading about the unlink() command.
That is what I need, and I have not instituted it.
Some ideas about unlink, perhaps???
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787647
I am just guessing here, but how about something like this --

 $path = "sessions";
  if(file_exists($path.'sess_'.$sessionid))
    {
   unlink($path.'sess_'.$sessionid);
     }

Ideas??
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787650
You can use this:

<?php
ini_set('session.save_path','sessions');
session_start();
unlink('sessions/sess_'.session_id());
$_SESSION = array();
session_destroy();
?>
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787658
Matt you are right. Everything I described above was about expired session (closed browser, life time expired, etc) but not session_destroy, my stupid mistake.

sciwriter, you don't need to have access to php.ini to use ini_set (and be able to change settings from php.ini within script scope).
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787673
Warning: session_destroy(): Session object destruction failed in /home/../public_html/cart.php on line 45
Warning: Invalid argument supplied for foreach() in /home/../public_html/cart.php on line 83

Matt, Peyox -- with the unlink of Matt's, above, I get the first warning, the second is the same as before.
Upping points, this is going to be another one of those hum-dingers.....
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787690
try to switch these two lines (unlink at the end)

<?php
ini_set('session.save_path','sessions');
session_start();
$_SESSION = array();
session_destroy();
unlink('sessions/sess_'.session_id());
?>
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787693
That might be because the file was deleted.
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787703
Yep, try that.
sciwriter, were you able to use shell_exec() on your host? Because then you get a shot of exactly what's going on doing every page refresh, while your testing? Using:

echo shell_exec('ls -la sessions');

That error makes it sound as if session_destroy() was going to remove the file but failed b/c it was already gone.
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787709
Actually:

echo nl2br(shell_exec('ls -la sessions'));

that's how I normally do it.
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787732
OK, different message now -- I flipped the lines and I now get this --
Warning: unlink(sessions/sess_): No such file or directory in /home/../public_html/cart.php on line 45

BTW, all is working fine until I destroy the session.  The rest is OK as long as I have something in it.
I can see the session in the FTP manager, the actual name is like this --
sess_1ee28d134a259d52f....etc....
The directory IS called "sessions" no upper case.
I think we are on the right track, maybe not just the right terminology, also maybe "unlink" is not the right command, after all?
Let me try removing in the sessions/  prefix, may not be needed,  will get back....
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787748
Nope, same message without the "sessions/" prefix --

Warning: unlink(sess_): No such file or directory in /home/.../public_html/cart.php on line 4
Warning: Invalid argument supplied for foreach() in /home/.../public_html/cart.php on line 83

Better if I let you guys debug this than me try at random  :)
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787761
>>Warning: unlink(sessions/sess_): No such file or directory in /home/../public_html/cart.php on line 45

You get this error because you are probably trying to delete the file in wrong directory, or (?) file is already deleted.

where is your /session directory located? If this is the same level as /public_html, then you will need to do:

unlink('./../sessions/sess_'.session_id());
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787768
The file is still there, Matt, I can see it in my FTP manager, nothing goes so far without manual deletion :(
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787779
public_html/sessions/sess_1ee28d134a259d52f....etc....
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787796
I would delete everything in the sessions directory in case their old sessions.

Then in your public_html directory

<?php
ini_set('session.save_path','sessions');
session_start();
$_SESSION = array();
session_destroy();
if (file_exists('sessions/sess_'.session_id())
    unlink('sessions/sess_'.session_id());
?>
0
 
LVL 6

Assisted Solution

by:peyox
peyox earned 800 total points
ID: 13787799
It looks, that you are loosing session id before callin unlink, try this:

?php
ini_set('session.save_path','sessions');
session_start();
$sid = session_id();
$_SESSION = array();
session_destroy();
unlink('sessions/sess_'.$sid);
?>
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787811
Good catch!
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787820
OK guys, stop for a sec, reconsider this -- I realized looking at the code above, I was not "NAMING" the session.  I changed it to this (adding the session name):

if ($edit =='Delete All')
 {  
    $_SESSION['divs'] = array();
    session_destroy();
    unlink('sessions/sess_'.session_id());
   }

Now you see, the name "divs" is in there, and now I am down to only ONE message, and the session DID indeed get destroyed and the file deleted.  So maybe you were right to begin with, if I NAME the session as I made it, "divs", then the destroy will actually delete the file.

let me try that....  last remaining message....

Warning: unlink(sessions/sess_): No such file or directory in /home/.../public_html/cart.php on line 45
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787823
One question, after each script execution you have one more file in /session directory, right? Even if session_destroy was called
If not then session_destroy() works as expected, but you have couple old session files not cleaned up by garbage collector.
How many files do you have in this folder?
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787837
No I got rid of the old ones manually, am keeping up with you 2 guys as fast as I can, you are a couple of fireball participants, when the two of you go at it together, it is an invogorating experience, believe me....
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787859
You should be able to remove the unlink().
And:

$_SESSION = array();

should take care of this:

$_SESSION['divs'] = array();

The first should clear the entire session array, while the latter just the 'divs' variable.
But I'm not gonna argue if it's working. ;)
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787865
YEP!!  THAT DID IT!!  The bottom line, guys, is you were both right -- if the session is NAMED correctly with the ['name I used to open it'] -- and you just destroy with that SAME name, it does exactly what you said it would, at the beginning.  It kills the session with ONLY the session_destroy(), and it does indeed disappear (my ftp manager sees it real time).  So the Key was, as you both said at the outset, JUST using SESSION_DESTROY does it completely, but you MUST give it the right name.

I don't know how I can fairly split points other than equally, but I have to tell you, when the two of you get on a question together, it is absolutely fantastic !!  I am upping points and closing this one.

Maybe tomorrow, look at my other Q on Paypal -- it is really just a bunch of near PHP stuff -- mathematics, extracting URLs and adding amounts.  Give it a shot -- I welcome your great contributions!!!

http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Databases/Q_21389482.html

Thanks a million once again....
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787891
No problem. And thanks again for uppin' the points! ;^)
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787903
I think Matt contributed much more than I did in this question. He also corrected my stupid mistake at the beginning of this discussion. So he should get bigger part of the points if you are considering points split.

Thanks both of you for a good time :)
0
 
LVL 6

Expert Comment

by:peyox
ID: 13787906
Good split, thanks for the points!
0
 
LVL 11

Expert Comment

by:matt_mcswain
ID: 13787911
No worries peyox.
We all do it.
0
 
LVL 23

Author Comment

by:sciwriter
ID: 13787915
Well, I did end up giving Matt more points, he was the "rightest" so to speak...   :)
But face it peyox, you get him going, so you are great too :)

Jump into my other Q, I have lots more to go, and each time, we seem to learn a little more, no?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question