Re: [Cgi-session-user] To remove expired sessions from disk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

There is some very useful code in this thread, and I want to start by
thanking all the contributors.

My problem is related, but with a difference. I want to log out users,
and delete their session files, and *create logout transactions* in a
database almost as if the users had explicitly logged out. I don't want
CGI::Session to delete expired sessions behind the scenes without
creating logout transactions.

The solution I am implementing would use a cron job to read all the
existing sessions. If one is found that should be deleted, the cron job
writes the transaction to the database and deletes the session.

It appears that I have to read the session files instead of using
CGI::Session to open them. If I use CGI::Session, then it will update
_SESSION_ATIME (the last access time) as if the user had done
something. My code would be much cleaner if there was a way to examine
a session without updating the last access time.

I have another problem that is probably out of scope, but I'll mention
it anyway. The session files are owned by the www-data account, and I
can't modify or delete these files with a normal user account. I'm
working around this by having the cron job invoke a web page that
deletes the expired sessions. There is probably a way to set up the web
server (Apache) or cron to fix the permissions problem, but I don't
have root privileges on the machine and the administrator isn't very
responsive. I prefer to code around problems rather than ask for his
help.

I'm looking for suggestions that lead to a cleaner implementation for
creating logout transactions. Thanks for reading my post.

David Levner
dav...@ya...

  :Not that there"s anything wrong with that, but if you"re creating a 
  :purge method, is expiry the only reason to purge? Might we sometime 
  :want to purge all? Purge non-expired sessions, but which are over a 
  :certain age?

 That makes sense. In that case the only thing I can think of right 
 now is to introduce find() method for general purpose hosekeeping:

   CGI::Session->find(\&purge);
   sub purge {
       my ($session) = @_;
       next if $session->empty;   #<-- already expired 
       # delete sessions not accessed in the past 10 days
       $session->delete() if ($session->atime + 36000) <= time();
   }

 To remove all the session data from the disk regardless of age:

   CGI::Session->find( sub { $_[0]->delete unless $_[0]->empty } );

 To logout all the users who left your web site without doing so, but
do not
 purge their whole sessions.

   CGI::Session->find(\&logout);
   sub logout {
       my ($session) = @_;
       next if $session->empty();
       if ( ($session->atime+600 < time) &&
$session->param("_logged_in") ) {
 	  $session->clear(["_logged_in"]);
       }
   }

 If you"re using two-argument syntax of expire() you can replace the
above example with:

   CGI::Session->find( sub {} );

 which removes both expired sessions, and clears all the expired
session parameters.

 Unless anyone has a better proposal, I will start coding it tonight
and hopefully will
 have a beta-version out tomorrow.

 -- 
 Sherzod B. Ruzmetov <sherzodr@ha...>
 <URL: http://author.handalak.com >

From: John Horner <bounce@jo...>
Re: To remove expired sessions from disk  
2005-02-10 14:41

 >I was thinking of introducing purge() method into the stable release
to make
 >it even easier to remove expired sessions

 Not that there"s anything wrong with that, but if you"re creating a 
 purge method, is expiry the only reason to purge? Might we sometime 
 want to purge all? Purge non-expired sessions, but which are over a 
 certain age?

 I"m only thinking aloud, but perhaps we either want 
 "purge_expired()", or we want "purge( { where => "expired"} )"?

From: Sherzod Ruzmetov <sherzodr@ha...>
To remove expired sessions from disk  
2005-02-10 10:14

 It will work even finer with 4.x, just call load( $session_id ) for
 all the sessions stored in disk. It will delete all expired sessions
 as necessary without creating any new ones.

 I was thinking of introducing purge() method into the stable release
to make
 it even 
 easier to remove expired sessions:

 	CGI::Session->purge(undef, {Directory=>"/tmp"});
 	CGI::Session->purge("driver:mysql", {Handle=>$dbh});
 	CGI::Session->purge("serializer:storable;driver:sqlite",
 {DataSource=>"/tmp/sessions.sqlt"});

 Any better ideas? 

 > -----Original Message-----
 > From: B&#65533;r, Sebastian [mailto:Sebastian.Baer@3S...] 
 > Sent: Thursday, February 10, 2005 4:20 AM
 > To: Steven Bauer; cgi-session-user@li...
 > Subject: AW: [Cgi-session-user] CGI::Session 4.x
 > 
 > 
 > Hi Steven,
 > 
 > > Is there a way for expired sessions to be automatically deleted?
 > > 
 > > I have a site where the temp directory is getting continually
 > > clogged with
 > > expired session files.
 > 
 > If you use files to store sessions you can use a script like 
 > the one attached to get rid of expired sessions. Just start 
 > it via a cron job and everything will be fine ;-)
 > 
 > I haven"t had the time to see whether it still works with 4.x 
 > but I will update it once I know the differences. For 3.x it 
 > works for me.
 > 
 > Regards,
 > Sebastian
 > 
 > --
 > 
 > 
 > =head1 NAME
 > 
 > cleanup_sessions.pl - Remove outdated CGI-sessions.
 > 
 > =head1 SYNOPSIS
 > 
 >   cleanup_sessions.pl [-h|--help] [-p|--print-only] [-v|--verbose]
 > 
 > =head1 OPTIONS
 > 
 > =over 4
 > 
 > =item B<-h|--help>
 > 
 > Brings up a help screen.
 > 
 > =item B<-p|--print-only>
 > 
 > Print list sessions and exit without deleting them. Implies B<-v>.
 > 
 > =item B<-v|--verbose>
 > 
 > Show information for each session file.
 > 
 > =back
 > 
 > =head1 DESCRIPTION
 > 
 > Get rid of outdated sessions, the kind that will be created 
 > by timeouts or missing user logout (i.e. if the user closes 
 > the browser without a proper logout).
 > 
 > =cut
 > 
 > use strict;
 > 
 > use Getopt::Long;
 > use Pod::Usage;
 > 
 > {
 >   my $help     ="";
 >   my $printOnly="";
 >   my $removed  =0;  # Number of files removed.
 >   my $verbose  ="";
 > 
 >   GetOptions("h|help"       => \$help,
 >              "p|print-only" => \$printOnly,
 >              "v|verbose"    => \$verbose
 >             ) or pod2usage(1);
 > 
 >   pod2usage(-exitstatus => 0,
 >             -verbose    => 3
 >            ) if $help;
 > 
 >   # "--print-only" implies "--verbose":
 >   $verbose=1 if($printOnly);
 > 
 >   my $baseDir="/var/run/ssds";
 > 
 >   # Open the session directory...
 >   opendir(my $dir, $baseDir) or die("Cannot open session dir: " .
$!);
 > 
 >   # ... and scan it:
 >   while(my $filename=readdir($dir))
 >   {
 >     # Only touch session files:
 >     if($filename =~ /^cgisess_[a-f0-9]{32}$/)
 >     {
 >       my $etime=0;
 >       my $atime=0;
 >       my $file =$baseDir . "/" . $filename;
 > 
 >       if(open(my $fh, "<$file"))
 >       {
 >         $_=<$fh>;
 > 
 >         if(/_SESSION_ETIME" => "?(\d+)/)
 >         {
 >           $etime=$1;
 >         }
 > 
 > 
 >         if(/_SESSION_ATIME" => "?(\d+)/)
 >         {
 >           $atime=$1;
 >         }
 > 
 >         close($fh);
 >       }
 >       else
 >       {
 >         warn("Unable to open file: " . $!);
 >       }
 > 
 >       # Print the filename:
 >       print("$filename: ") if($verbose);
 > 
 >       if($etime)
 >       {
 >         # How many seconds are left?
 >         my $left=$etime+$atime-time();
 > 
 >         # To be sure no interaction with concurrent file 
 > access occurs we only
 >         # remove files that have expired at least a minute ago.
 >         if($left<-60)
 >         {
 >           print("Expired (at least a minute ago)\n") if($verbose);
 >         }
 >         else
 >         {
 >           if($left<0)
 >           {
 >             print("Expired (less than a minute ago) / 
 > keep\n") if($verbose);
 >           }
 >           else
 >           {
 >             print("Alive ($left sec remaining)\n");
 >           }
 >           next;
 >         }
 >       }
 >       else
 >       {
 >         print("Missing expiry time\n") if($verbose);
 >       }
 > 
 >       # Time to get rid of expired files:
 >       unless($printOnly)
 >       {
 >         unlink($file);
 >         $removed++;
 >       }
 >     }
 >   }
 > 
 >   closedir($dir);
 > 
 >   print("Removed $removed session files.\n");
 > }
 > 
 > 
 > --
 > Sebastian B&#65533;r, Software Developer, OSEK Business Division
 > 3SOFT GmbH - Member of the Elektrobit Group
 > 
 > 
 > -------------------------------------------------------
 > SF email is sponsored by - The IT Product Guide
 > Read honest & candid reviews on hundreds of IT Products from 
 > real users. Discover which products truly live up to the 
 > hype. Start reading now. 
 > http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
 > _______________________________________________
 > Cgi-session-user mailing list Cgi-session-user@li...
 > https://lists.sourceforge.net/lists/listinfo/cgi-session-user
 > 

From: <Sebastian.Baer@3S...>
AW: CGI::Session 4.x  
2005-02-10 01:19

 Hi Steven,

 > Is there a way for expired sessions to be automatically deleted?
 > 
 > I have a site where the temp directory is getting continually 
 > clogged with
 > expired session files.

 If you use files to store sessions you can use a script like the
 one attached to get rid of expired sessions.
 Just start it via a cron job and everything will be fine ;-)

 I haven"t had the time to see whether it still works with 4.x
 but I will update it once I know the differences. For 3.x
 it works for me.

 Regards,
 Sebastian

 --

 =head1 NAME

 cleanup_sessions.pl - Remove outdated CGI-sessions.

 =head1 SYNOPSIS

   cleanup_sessions.pl [-h|--help] [-p|--print-only] [-v|--verbose]

 =head1 OPTIONS

 =over 4

 =item B<-h|--help>

 Brings up a help screen.

 =item B<-p|--print-only>

 Print list sessions and exit without deleting them. Implies B<-v>.

 =item B<-v|--verbose>

 Show information for each session file.

 =back

 =head1 DESCRIPTION

 Get rid of outdated sessions, the kind that will be created by
timeouts or
 missing user logout (i.e. if the user closes the browser without a
proper
 logout).

 =cut

 use strict;

 use Getopt::Long;
 use Pod::Usage;

 {
   my $help     ="";
   my $printOnly="";
   my $removed  =0;  # Number of files removed.
   my $verbose  ="";

   GetOptions("h|help"       => \$help,
              "p|print-only" => \$printOnly,
              "v|verbose"    => \$verbose
             ) or pod2usage(1);

   pod2usage(-exitstatus => 0,
             -verbose    => 3
            ) if $help;

   # "--print-only" implies "--verbose":
   $verbose=1 if($printOnly);

   my $baseDir="/var/run/ssds";

   # Open the session directory...
   opendir(my $dir, $baseDir) or die("Cannot open session dir: " . $!);

   # ... and scan it:
   while(my $filename=readdir($dir))
   {
     # Only touch session files:
     if($filename =~ /^cgisess_[a-f0-9]{32}$/)
     {
       my $etime=0;
       my $atime=0;
       my $file =$baseDir . "/" . $filename;

       if(open(my $fh, "<$file"))
       {
         $_=<$fh>;

         if(/_SESSION_ETIME" => "?(\d+)/)
         {
           $etime=$1;
         }

         if(/_SESSION_ATIME" => "?(\d+)/)
         {
           $atime=$1;
         }

         close($fh);
       }
       else
       {
         warn("Unable to open file: " . $!);
       }

       # Print the filename:
       print("$filename: ") if($verbose);

       if($etime)
       {
         # How many seconds are left?
         my $left=$etime+$atime-time();

         # To be sure no interaction with concurrent file access occurs
we only
         # remove files that have expired at least a minute ago.
         if($left<-60)
         {
           print("Expired (at least a minute ago)\n") if($verbose);
         }
         else
         {
           if($left<0)
           {
             print("Expired (less than a minute ago) / keep\n")
if($verbose);
           }
           else
           {
             print("Alive ($left sec remaining)\n");
           }
           next;
         }
       }
       else
       {
         print("Missing expiry time\n") if($verbose);
       }

       # Time to get rid of expired files:
       unless($printOnly)
       {
         unlink($file);
         $removed++;
       }
     }
   }

   closedir($dir);

   print("Removed $removed session files.\n");
 }

 --
 Sebastian B&#65533;r, Software Developer, OSEK Business Division
 3SOFT GmbH - Member of the Elektrobit Group

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 