register_session_gc_handler proposal

Emil Ivanov wrote:

The case is simple:
A user is allowed to upload files to the server, which are store in a
temporary location and their filenames are stored in the session.
The user leaves the site and the session gets destroyed, but the files
remain untouched.
If I can hook to the gc session function that will solve my case, but
currently with session_set_save_handler I have to rewrite session handling,
which I don't need...
So a simple hook will be very useful.
Hi,

I've also been looking into how this could be implemented elegantly and
I'd like to propose the following:

• Create a class exposed to userland called something like
  SessionDefaultHandler, which wraps the session module defined at startup.
• Alter session_set_save_handler() to alternatively take a single
  argument, a class name.
• The given handler class must extend SessionDefaultHandler and may
  override any of its methods.
• Alter the user session module to use the child class if it's been
  registered.

This would provide an elegant solution to your particular problem, as
well as allowing any default session functions to be overridden, wrapped
or called independently.

<?php
class MySessionHandler extends SessionDefaultHandler {
function gc($maxlifetime)
{
parent::gc($maxlifetime);
$time = time();
foreach (glob('images/*') as $file) {
if ($time - filemtime($file) > $maxlifetime) {
unlink($file);
}
}
return true;
}
}
session_set_save_handler('MySessionHandler');
?>

Any thoughts?

Arpad

Sorry to bother you, as I know you are quite busy, but I have a
problem and
maybe a elegant solution does not exist right now.

The case is simple:
A user is allowed to upload files to the server, which are store in a
temporary location and their filenames are stored in the session.

Store the filename somewhere else as well?

The user leaves the site and the session gets destroyed, but the files
remain untouched.
If I can hook to the gc session function that will solve my case, but
currently with session_set_save_handler I have to rewrite session
handling,
which I don't need...

You'd only need to override the session_destroy function, and, as I
recall, you can override just ONE of the functions somehow... By
passing in NULL for the other args to session_set_save_handler maybe?
Or maybe that was just a proposal of how to do that...

So a simple hook will be very useful.

A simple HACK and probably a Bad Idea would be to cron a walk through
every session file and make an array of the files in user and then the
directory of files uploaded hanging around and array_difference the
two and nuke the unused files.

Just be SURE you always set the $_SESSION var and call
session_write_close before you move the file, or you'll end up with
a race condition where you end up nuking a file that hasn't had its
session data written to disk yet.

Document the hell out of this if you do it, or you'll end up
re-factoring and messing that race condition up, and you'll have an
intermittent bug that appears mostly under heavy load, probably.
[shudder]

I know there are problems as how will I know which entry has been
destroyed...

Overriding the session handler is not all that hard, really, and
probably the best available widely-understood idiom.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?