How can i know if a session is still active or not?

I'm storing the sessions ids in a database table. I want to run a script that reads from the table every session id and check if this session is active or not.

I know that session information is stored in a directory (/tmp by default) and removed from there when the session is closed. But if the user close his browser without disconnecting from the session the session file is still in the /tmp directory.

How can I know if a session is still active or not?

I have searched the sessio开发者_高级运维n functions and didn't find anything that could help.

Generally speaking, the only way is to have a "last used" datetime/timestamp which you update every time the session is referenced, and discard/deactivate sessions after they haven't been used for a certain amount of time.

It's not possible to tell if a session will be referenced further as they're not kept open between requests, simply referenced when needed ... and need is dictated by the ever fickle client.

If your sessions are file based, as it sounds, you can use the last accessed date of the individual files, possibly save yourself a bit of trouble.

If you are keeping sessions in the database. Add a last accessed or modified timestamp to the database table. I've put code in my procedures that retrieve or store session information that DELETE FROM sessions WHERE modified is more than an hour ago. However long you want your session to be. At every call you can update that timestamp. It seems that would cause a performance hit, but I've used that pattern/process quite a bit. I almost always use the database to store session information. You should research session_set_save_handler(). I can try to gather some of my own code from previous project where I utilized this, but I'm sure that reading the manual on this and googling implementations will help you quite a bit.

Why would you care about this already outdated sessions? They will be cleared from temporary folder in some random time anyway.

You should check last access time in your database and if it's more then some predefined timeout - mark it as dead.

But think about your performance too. It's a way better approach to store your session data in memcache or something similar to it - just store it in memory, not in DB. Read more about it here: http://memcached.org/

It's really easy to store your session data in memcached: http://www.dotdeb.org/2008/08/25/storing-your-php-sessions-using-memcached/

There isn't such a function. PHP itself use somewhat an hack to determine when a session is expired, there are several options into the php.ini configuration file.

In short, every time a session started there is a gc_probability/gc_divisor chanche that php will start a garbage collection of pending data. The session accessed before gc_maxlifetime seconds are considered expired and PHP deletes them.

You can relay on this behaviour tuning the envolved options or mimic this behaviour with a similar approach.

For reference:

• http://it.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
• http://it.php.net/manual/en/session.configuration.php#ini.session.gc-probability
• http://it.php.net/manual/en/session.configuration.php#ini.session.gc-divisor