$f3->clear('SESSION') does not remove the session from database

[Vahrokh Vain]

Hello,

I have searched for examples about how to use database-stored sessions in Fat-Free.

I have everything working well except a detail. All the examples I have found, tell the way to destroy a session is to call:

$f3->clear('SESSION');

Now, this clears the serialized session variables in the relevant database row. However I want to actually delete the session record, not just clear one field of it.

Is there a Fat-Free built-in way to do that?

Demo:
Attached picture 1: Created session: notice the us_Dati field (the serialized data) being present.

Attached picture 2: Cleared session: notice the database row is still there, just with the us_Dati field cleared and nothing more.
If I call the session creation function again, it reuses the current session ID and fills in the serialized data (which is very OK to me).


Another question: is PHP going to call the cleanup() function by itself, so that the database gets periodically cleaned up?

If so, which criterium is used? I am asking this, because I am using Ubuntu, which massively messes with PHP's sessions garbage cleanup and sets:

session.gc_probability = 0

So, I might risk getting some ever growing sessions database with no way to clean it up.

Best regards,
Dario Fumagalli

[ved]

Hi, I use debian and it also sets the gc probability to 0 and then uses a debian specific cronjob to run the garbage collection. Since ubuntu is based on debian I'm assuming the same setup.

Debian does that because the permissions for the folder where sessions are stored (in a default install, therefore using session files) have stricter permissions to avoid session hijacking so the normal garbage collector that runs as the webserver itself couldn't clean them.

So, if you use F3 with the database session handler, you'll have to set appropriate gc_* parameters on your php.ini file (or through ini_set()) for your app. If done this way, F3 should call the garbage collection function according to the ini parameters. [dev citation needed]

[Vahrokh Vain]

Thank you for your answer!

I am going to do what you suggest.

About the bug... any dev or anybody who could please tell me if it's a bug, a feature or what?

[ved]

Not sure about what bug you mean but the database session seems to be behaving normally.

Even when destroying a default session (i.e: not using the database) php doesn't delete the session file when you delete the session. That's how sessions work afaik. Session files (or database entries in your case) are only deleted by the session garbage collector.

As I've stated above, because you're using ubuntu and your gc_probability is set to 0, then you are right when you say you'll have an ever increasing session table. If you setup a gc_ value then F3 should call the session clean method according to the parameters and that will remove any expired or staled session files or database entries.

Hope it helps, otherwise please clarify what bug you're referring to.

[Vahrokh Vain]

Thank you very much for taking your time and replying to me!