0

I need to check if each session over my website is still active or not. I used to cycle over each session in the folder given by the php command session_save_path(), the problem is that even if a session expires, the respective folder doesn't modify at all.

How can I solve this? I have PHP 5.3, otherwise I would have tried something like session_status(), which I think can solve my problem.

Here's my code:

$sessionNames = scandir(session_save_path());

foreach($sessionNames as $sessionName) {
    $sessionName = str_replace("sess_","",$sessionName);
    if(strpos($sessionName,".") === false) { //This skips temp files that aren't sessions
        session_id($sessionName);
        session_start();

        // CHECK IF THE SESSION IS ACTIVE OR EXPIRED

        session_write_close();

    }
}

Thank you!

Jouby
  • 2,196
  • 2
  • 21
  • 33
Antonio Muzzolini
  • 5
  • 2
  • 1
    PHP 5.3 has been EOL for ages now. Please consider upgrading as it would both solve your problem and keep your application way more secure. – Loek Jul 02 '18 at 14:42
  • Why are you trying to do this? – marekful Jul 02 '18 at 14:43
  • Thanks @Loek! Actually I'm upgrading it in some months, I was just searching for some quick solution for now – Antonio Muzzolini Jul 02 '18 at 14:45
  • @marekful to get the users' logs using an external script executed in the crontab – Antonio Muzzolini Jul 02 '18 at 14:50
  • If you can start the session, it is obviously not expired - or how would you define that state otherwise if not by session files present or absent? – Nico Haase Jul 02 '18 at 14:55
  • @NicoHaase if I close my webpage without logging out, wait 30 minutes, then reopen it, it redirects me to the login page, but the session file is still there exactly as it was. – Antonio Muzzolini Jul 02 '18 at 14:59
  • 1
    The session files don't go away when the session is closed or ended. The probability of a session file being removed is based on variables in the PHP ini file. IMO you should not be looking at or using the session files directly. – Dave Jul 02 '18 at 15:08
  • If you still want to go that way, write some timestamp to each session (this causes the file to be updated on each request while the session is active). Then you can find all files that are older than your session lifetime, those will be the expired ones – Nico Haase Jul 03 '18 at 07:05
  • @NicoHaase can you explain how? I have to save in session something like current timestamp and it should update by itself while the session is active? I don't completely understand. Thank you! – Antonio Muzzolini Jul 03 '18 at 10:18
  • ...it should be updated on each request, so if you have a common header or footer, just call `$_SESSION['lastRequest'] = time()` – Nico Haase Jul 03 '18 at 10:33

0 Answers0