phpsessionzend-frameworkzend-session

Zend_Session_SaveHandler_Db - don't delete old sessions


I use db table to store session information but the old session isn't delete from table automatically. In bootstrap class I have method to configurate session store handle:

protected function _initSessionHandle(){
        //setup your DB connection like before
        //NOTE: this config is also passed to Zend_Db_Table so anything specific
        //to the table can be put in the config as well
        $oMultiDb = Zend_Registry::get('multidb');
        $oDbAdapter = $oMultiDb->getDb('db2');
        $aConfig = array(
            'name'          => 'session', //table name as per Zend_Db_Table
            'primary'       => array(
                'id',   //the sessionID given by PHP
            ),
            'modifiedColumn' => 'modified',     //time the session should expire
            'dataColumn'     => 'data', //serialized data
            'lifetimeColumn' => 'lifetime',     //end of life for a specific record
            'db'             => $oDbAdapter,
        );
        //Tell Zend_Session to use your Save Handler
        $oSessionSaveHandle = new Zend_Session_SaveHandler_DbTable($aConfig);

        //$oSessionSaveHandle->gc(0);
        Zend_Session::setSaveHandler($oSessionSaveHandle);
        Zend_Session::start();
    }

The old session is deleted only if I set in code $oSessionSaveHandle->gc(0);. Why this is not happen automatically? When we go to Zend_Session::setSaveHandler method declaration

session_set_save_handler(
        array(&$saveHandler, 'open'),
        array(&$saveHandler, 'close'),
        array(&$saveHandler, 'read'),
        array(&$saveHandler, 'write'),
        array(&$saveHandler, 'destroy'),
        array(&$saveHandler, 'gc')
        );

We see the gc() method is passed to session_set_handle but isn't working, why?


Solution

  • The session handler uses the PHP session settings to determine when to run the session garbage collection. By default this runs on 1% of session-using requests, so if you're testing this on a development site with low traffic the sessions won't disappear immediately.

    Ideally you want to disable this completely and run the gc via. cron (or some background process), so that session deletion doesn't directly impact your site visitors.