Expired session files

[lonalore]

Question

Is there a way in e107 to clean up expired session files from temp dir?

Additional Context

I have a VPS with multiple websites, and yesterday I got an alert about 90% usage of inodes. After a little exploration I found that there are more than thousands of e107 session files in the temp directory took ~1.5 million inodes. The directory contained not only new but also old session files even though "Session lifetime" is set to 86400 in the Admin area.

There is only one e107 website on my VPS, other websites do not have this problem. Any idea about this?

Additional Info

• Cron is set and it runs every minute.
• PHP 7.1.29 (Fast-CGI)
• Apache webserver
• e107 version: latest git version

[Deltik]

@CaMer0n: This is exactly what I predicted could happen in our private conversation on 17 February 2020 (link only works for you and @Moc).

---

@lonalore: The immediate solution is to enable PHP session file garbage collection in your php.ini file. These configuration options need to be greater than 0:

• session.gc_maxlifetime – should match your intended session lifetime in minutes
• session.gc_divisor – should more than 0 up to 100

Depending on your web server configuration, your web server may need to be restarted after changing php.ini.

In the future, I am planning on introducing a new session management model in e107. Specifically, I want to make it possible to store sessions in the MySQL database, which takes up only 1 to 3 inodes for all sessions, no matter how many.

[lonalore]

@Deltik thank you, I'll apply this setting soon for that website.

Yesterday I deleted the files but there are more than 3,000 again:

I support database storage for session data! Very good idea! 👍

[lonalore]

Session garbage collector works great. Thank you!

[Deltik]

@Moc: Let's categorize this as room for improvement in documentation. Users need to know that session.gc_divisor in php.ini needs to be 1 or higher and that the e107 session lifetime cannot be more than session.gc_maxlifetime.

[Moc]

Yeah I added the enhancement label because I thought we'd link it to to the database storage for sessions. I'm closing this issue as with all documentation issues.

They are added to the project that keeps track of the documentation backlog (yet to start but well, at least we have it organized).

[CaMer0n]

Yes, and the database storage should be optional also.
@Deltik @Moc For 2.3.0 I suggest we tweak the session handler as it is now, perhaps with some preferences, so that the above scenario can be avoided. Or, at the very least, check the PHP.ini values and provide alerts (on the PHPInfo page of admin for example)

[lonalore]

Btw, e.g Drupal enables garbage collection using ini_set().
Drupal 7 solution.
Drupal 8 solution is the same, but it uses yml configuration file to store these settings.

I think a possible solution might be to add these settings to the session handler, e.g to the setDefaultSystemConfig() method.

[Deltik]

@CaMer0n and @lonalore: How do you like this?: https://github.com/e107inc/e107/pull/4132/files?w=1