session_gc

    (PHP 7 >= 7.1.0, PHP 8)

    session_gcPerform session data garbage collection

    Description

    session_gc(): int|false

    session_gc() is used to perform session data GC (garbage collection). PHP does probability based session GC by default.

    Probability based GC works somewhat but it has few problems. 1) Low traffic sites' session data may not be deleted within the preferred duration. 2) High traffic sites' GC may be too frequent GC. 3) GC is performed on the user's request and the user will experience a GC delay.

    Therefore, it is recommended to execute GC periodically for production systems using, e.g., "cron" for UNIX-like systems. Make sure to disable probability based GC by setting session.gc_probability to 0.

    Parameters

    This function has no parameters.

    Return Values

    session_gc() returns number of deleted session data for success, false for failure.

    Old save handlers do not return number of deleted session data, but only success/failure flag. If this is the case, number of deleted session data became 1 regardless of actually deleted data.

    Examples

    Example #1 session_gc() example for task managers like cron

    <?php
    // Note: This script should be executed by the same user of web server process.

    // Need active session to initialize session data storage access.
    session_start();

    // Executes GC immediately
    session_gc();

    // Clean up session ID created by session_gc()
    session_destroy();
    ?>

    Example #2 session_gc() example for user accessible script

    <?php
    // Note: session_gc() is recommended to be used by task manager script, but
    // it may be used as follows.

    // Used for last GC time check
    $gc_time = '/tmp/php_session_last_gc';
    $gc_period = 1800;

    session_start();
    // Execute GC only when GC period elapsed.
    // i.e. Calling session_gc() every request is waste of resources.
    if (file_exists($gc_time)) {
    if (    filemtime($gc_time) < time() - $gc_period) {
    session_gc();
    touch($gc_time);
    }
    } else {
    touch($gc_time);
    }
    ?>

    See Also

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 1 note

    up
    0
    ridaelkouri at gmail dot com
    16 days ago
    The session.gc() function does not seem to work alone. it deletes the data on the server but the data remains on the browser in the form of the cookie. the following code deletes the session files on the server but not on the browser.

    ini_set('session.gc_maxlifetime', 10);
    ini_set('session.gc_probability', 1);
    ini_set('session.gc_divisor', 1);

    // Start the session
    session_start();
    $_SESSION['test'] = 'temporary data';

    session_write_close();

    // Wait for 15 seconds to ensure the session expires
    sleep(15);

    // Manually start the session again to trigger session handling
    session_start();

    session_gc();

    // Check if the session data is still available
    if (isset($_SESSION['test'])) {
    echo "Session is still active.";
    } else {
    echo "Session expired and file deleted.";
    }

    but this code delete the session files on the server and also deletes the cookie as well as making the super global empty:

    session_start();
    $_SESSION['test'] = 'temporary data';

    session_write_close();

    // Wait for 15 seconds to ensure the session expires
    sleep(15);

    session_start();

    // Manually trigger garbage collection
    setcookie(session_name(), '', time() - 10);
    $_SESSION = [];
    session_gc();

    // Check if the session data is still available
    if (isset($_SESSION['test'])) {
    echo "Session is still active.";
    } else {
    echo "Session expired and file deleted.";
    }
    add a note
    To Top