We help IT Professionals succeed at work.

PHP Session Callbacks

numberkruncher
on
I am using "session_start" to begin a session in my PHP code.

I would like to register some sort of callback which executes when a session expires and/or is terminated in any way.

How can I do this?
Comment
Watch Question

Avinash ZalaWeb Expert

Commented:
You can store the session start time in session variable.
and then after on each page check for the time difference in session value and current value.

If its expired then destroy the session and do what ever you want.

Hope this helps,
Addy

Author

Commented:
Thanks, but what I actually wanted was:

> Visitor goes to page and "session_start" is called.
> Visitor does what ever they want on the website.
> Visitor closes web browser and eventually the session expires, execute callback.

Is this possible?
Avinash ZalaWeb Expert

Commented:
if visitor close the browser or power down occur then we can not handle with code.

Hope this helps,
Addy

Author

Commented:
I understand that the server cannot guess when a web browser is closed, but can it not detect when a session has expired and the execute a callback?

Or do I need to create a database table which keeps track of all current sessions and then process them each time a request is made?
Avinash ZalaWeb Expert

Commented:
for that you need to make frequent ajax call in site, to check if session is set or destroyed.

If destroyed then do some code as you want else leave it.


I think its a bigger task.

hope this helps,
Addy
"I understand that the server cannot guess when a web browser is closed, but can it not detect when a session has expired and the execute a callback?"

No.

Sessions can be handled in a number of ways. The most common one is to store a FILE with session information in it in /tmp. The file often has an MD5-like name.

The reference to this file is to use a cookie on the client PC with a preset expiry. The only data in the cookie is the MD5-like filename of the file in /tmp. When the cookie expires on the PC the session is lost. Obviously the server cannot detect a cookie deletion on the client PC.

There are other mechanisms involved, but this one illustrates the problem.

Author

Commented:
I was under the impression that "session_start" automatically created a FILE with each session. So it sounds to me like I need to create a session and associate a file/record with it and then periodically scan through the files/records and delete all those which have expired (and execute my callback code)?

I thought that there would be some sort of event which was called by underlying PHP code.

What happens if I use "session_set_save_handler"? Will any of the callbacks be called when a session expires?
Session information is kept in a file in a temporary directory on the server. A typical location is /tmp, but the session keeps the FILENAME of that file in a cookie on the user's PC.

However there are lots of variations on this. For instance some systems use an extra URL parameter to keep the filename in and you can see it in the browser address line. Others move the /tmp directory inside the domain's web root, others store it in a MySQL database table.

The problem with scanning /tmp is that it is full of other stuff, not just sessions and it is not uncommon for old session files to be left lying in there. Additionally, if your host operates a policy of allocationg /tmp inside each website's folder then there will be a lot of "/tmp"s to scan. Just another little complication......

Author

Commented:
Sorry for late response, over the last few days I have moved house...things have been hectic!

So, by default, when attributes are added to the session object, where are these being stored? Is this specific to my host or is this common across all PHP implementations?

When the session eventually expires, how would the server know to clean it up? Does "session_set_save_handler" have anything to do with this?
"Sorry for late response, over the last few days I have moved house...things have been hectic!"

Yes - I know what that's like. :-O


"So, by default, when attributes are added to the session object, where are these being stored? Is this specific to my host or is this common across all PHP implementations?"

When you add stuff to the session it is PROBABLY stored in a file in /tmp as this is a common method. As I said in my earlier post it can be stored anywhere and /tmp may be moved. Run phpinfo() and then scan for session.save_path and session.save_handler as these will tell you where the session data is stored and in what format.

"When the session eventually expires, how would the server know to clean it up?"

Generally, the filename used by sessions are unique and when the session finishes the file just does not get updated any more and just lies there. The server's garbage collection may clean it or jobs are run when the server reboots to clean out session files with old dates. The method varies from implementation to implementation.

Author

Commented:
Thank you for all of your help, it is greatly appreciated!