View Single Post
Old 2017-02-02, 15:55   #1192
Serpentine Vermin Jar
Madpoo's Avatar
Jul 2014

2×1,637 Posts

Originally Posted by Mark Rose View Post
Look into the set_session_save_handler function of PHP. A common practice is to store sessions in a database. Update a last-used field every hour or so (check in the write handler if it's been an hour if there are no other data changes), then run a scheduled task to delete sessions where last-used is a month old or whatever.
I'll take a look at that.

One huge problem I realized is that PHP will create a session file for each connection that didn't already have that cookie value in the request header.

All well and good until it occurred to me that the server is generating in excess of 70-80K files on a daily basis, and that is probably because the site gets activity from crawlers that don't have a cookie already and sure as heck won't be setting one to use on their next page request.

I don't know if there is any good reason for a session file for an anonymous user, and in fact most of them are zero bytes.

What I'd like to find is a method to have it only bother with session files and setting a cookie if the user logs in, but that's another place where I don't know enough about PHP to know if that's possible, or if it's just a server wide deal. I know how I could set *session* cookies (temporal) in a .NET scenario with page directives, and a user cookie is pretty easy to manage, so hopefully that all translates into something PHP'ish.
Madpoo is offline   Reply With Quote