Default PHP mechanism: each php request has a 1100 probability (default) to trigger "session reclaim ". Next, this article will introduce you to the excessive number of Session files in PHP and the location where session files are stored. For more information, see the default mechanism of PHP: every php request, there will be a 1/100 probability (default value) to trigger "session reclaim ". If "session recycle" occurs, the/tmp/sess _ * file will be checked. if the last modification time exceeds 1440 seconds (the value of gc_maxlifetime ), delete it, which means that these sessions expire
I. What is a session file?
The file is usually/tmp/sessions/sess_4b1e384ad74619bd212e236e52a5a174If
Username | s: 9: "test"; admin | s: 1: "0 ";
II. When session recovery occurs
By default, every php request will have a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests will be recycled once ". This probability is controlled by the following parameters:
# The probability is gc_probability/gc_pisorsession.gc_probability = 1session. gc_pisor = 100.
Assume that gc_maxlifetime is 120. if the last modification time of a session file is 120 seconds ago, the session is still valid until the next recovery (1/100 probability) occurs.
If your session is saved elsewhere in session. save_path, the session recycle mechanism may not automatically process expired session files. In this case, you need to manually (or crontab) delete expired sessions regularly.
3. set the session storage directory
With the php5-fpm, modify/etc/php5/fpm/php. ini, modify or add the following line:
session.save_path = 3;600:/tmp/sessions
IV. session clearing script
#!/bin/shfind /tmp/php-session -cmin +24 -name "sess_*" -and -size 0 -delete > /dev/null 2>&1find /tmp/php-session -cmin +1440 -name "sess_*" -delete > /dev/null 2>&1
The time here can be obtained through session. gc_maxlifetime and placed in the scheduled task (crontab)
Other methods
Use memcache and so on (session. save_handler = memcache)
Use cookie, but the cookie must be encrypted
5. use tmfs to store Sessions
1. Mount/tmp to the tmpfs file system
Modify/etc/fstab and add the following content in the last line:/tmp/sessions tmpfs defaults, size = 5120 m 0 0
mount -a
2. create a session storage folder
Php does not automatically create these folders, but some scripts for creating folders are provided in the source file. The script below is also useful. the script content is as follows:
#!/bin/shdir="0 1 2 3 4 5 6 7 8 9 a b c d e f"for levela in $dir;dofor levelb in $dir;dofor levelc in $dir;domkdir -p /tmp/sessions/$levela/$levelb/$levelc;donedone;donechown -R root:webgrp /tmp/sessions && chmod -R 1777 /tmp/sessions
Because/tmp/sessions is the memory used, after the server is restarted, all files in it will be lost. Therefore, you need to add the above script to/etc/rc. local, and before starting php
3. store sessions in different directories
Php itself supports multi-level hash of Sessions. in php. ini, change; session. save_path =/tmp
session.save_path = "3;/tmp/sessions
4. session recycling
Use the above script.
Next, let's explain where php session data is stored?
Of course, it is on the server side, but not stored in the memory, but saved in a file or database.
By default, php. the SESSION storage method set in ini is files (session. save_handler = files), that is, SESSION data is saved by reading and writing files, and the SESSION file directory is saved by session. save_path is specified. the file name is prefixed with sess _ and followed by the session id. for example, sess_c000065af28a8b14c0fe11afe3b59b51b. The data in the file is the serialized SESSION data.
If the traffic volume is large, many SESSION files may be generated. you can set a hierarchical directory to store SESSION files, which improves the efficiency. the setting method is session. save_path = "N;/save_path", where N is the classification level, and save_path is the start directory.
When writing SESSION data, PHP will get the SESSION_ID of the client, and then find the corresponding SESSION file in the saved Directory of the specified SESSION file based on the session id. if the SESSION file does not exist, it will be created, finally, the data is serialized and written to the file. Reading SESSION data is a similar operation process. The read data needs to be deserialized to generate the corresponding SESSION variable.