added script to delete old session files

Author: Raaghu

README.md

@@ -38,4 +38,12 @@ Session timeout in seconds , this value is used to calculate Set-Cookie's expire
 name of the session , this is the cookie name sent to the client
 
 #### sessionFilePrefix
-this is the prefix for session file names for this application , since all the session files are stored in same directory , this helps to categories the session files for each application
+this is the prefix for session file names for this application , since all the session files are stored in same directory , this helps to categories the session files for each application
+
+## Scripts
+#### delete-expired-sessions
+
+to delete the expired session files , run this script (manually or in a cron job) in regular intervals
+```
+$ ./vendor/bin/delete-expired-sessions
+```

bin/delete-expired-sessions

@@ -0,0 +1,21 @@
+#!/usr/bin/env php
+<?php
+
+function includeIfExists($file)
+{
+    if (file_exists($file)) {
+        return include $file;
+    }
+}
+
+if ((!$loader = includeIfExists(__DIR__.'/../vendor/autoload.php')) && (!$loader = includeIfExists(__DIR__.'/../../../autoload.php'))) {
+    print('You must set up the project dependencies, run the following commands:'.PHP_EOL.
+        'curl -s http://getcomposer.org/installer | php'.PHP_EOL.
+        'php composer.phar install'.PHP_EOL);
+    die(1);
+}
+
+error_reporting(0);
+
+$deleteExpiredSessions = new \PhpPlatform\WebSession\DeleteExpiredSessions();
+$deleteExpiredSessions->run();

composer.json

@@ -15,6 +15,9 @@
 			"role" : "Software Developer"
 		}
 	],
+	"bin" : [
+		"bin/delete-expired-sessions"
+	],
 	"require" : {
 		"php" : ">=5.4",
 		"php-platform/session" : "~0.1"

src/WebSession/DeleteExpiredSessions.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace PhpPlatform\WebSession;
+
+use PhpPlatform\JSONCache\Cache;
+use PhpPlatform\Config\Settings;
+
+class DeleteExpiredSessions {
+	
+	static function run(){
+		$lastAccessKeyRP = new \ReflectionProperty('PhpPlatform\WebSession\Session', '_lasAccessKey');
+		$lastAccessKeyRP->setAccessible(true);
+		$lastAccessKey = $lastAccessKeyRP->getValue();
+		$sessions = Cache::getInstance()->getData($lastAccessKey);
+		
+		if(is_array($sessions)){
+			$sessionFilePrefix = Settings::getSettings(Package::Name,'sessionFilePrefix');
+			$sessionTimeOut    = Settings::getSettings(Package::Name,'timeout');
+			$sessionSalt       = Settings::getSettings(Package::Name,'salt');
+			
+			foreach ($sessions as $sessionId=>$lastAccessTime){
+				if(time() - $lastAccessTime > 2 * $sessionTimeOut){
+					$sessionFileName = md5($sessionSalt.$sessionId);
+					$sessionFileName = $sessionFilePrefix.$sessionFileName;
+					if(is_file($sessionFileName)){
+						unlink($sessionFileName);
+					}
+				}
+			}
+		}
+	}
+	
+}

src/WebSession/Session.php

@@ -7,7 +7,7 @@
 use PhpPlatform\Config\Settings;
 
 class Session extends Cache implements ISession{
-	private $_lasAccessKey = "php-platform.web-session.last-access";
+	static private $_lasAccessKey = "php-platform.web-session.last-access";
 	private $id = null;
 	private static $session = null;
 
@@ -23,11 +23,11 @@ protected function __construct(){
 		if(array_key_exists($sessionCookieName, $_COOKIE)){
 			// cookie is set
 			$sessionCookie = $_COOKIE[$sessionCookieName];
-			$sessionLastAccessTime = Cache::getInstance()->getData($this->_lasAccessKey.'.'.$sessionCookie);
+			$sessionLastAccessTime = Cache::getInstance()->getData(self::_lasAccessKey.'.'.$sessionCookie);
 
 			if(isset($sessionLastAccessTime) && time() - $sessionLastAccessTime < $sessionTimeOut){
 				// session not expired
-				$sessionFileName = md5($sessionSalt.$_COOKIE[$sessionCookieName]);
+				$sessionFileName = md5($sessionSalt.$sessionCookie);
 				$this->cacheFileName = $sessionFilePrefix.$sessionFileName;
 				$validSession = true;
 			}
@@ -39,7 +39,7 @@ protected function __construct(){
 			while(isset($sessionLastAccessTime)){
 				// generate a non-colliding session cokiee
 				$sessionCookie = md5(microtime().$_SERVER['REMOTE_ADDR'].rand(1,1000));
-				$sessionLastAccessTime = Cache::getInstance()->getData($this->_lasAccessKey.'.'.$sessionCookie);
+				$sessionLastAccessTime = Cache::getInstance()->getData(self::_lasAccessKey.'.'.$sessionCookie);
 			}
 			$sessionFileName = md5($sessionSalt.$sessionCookie);
 			$this->cacheFileName = $sessionFilePrefix.$sessionFileName;
@@ -106,7 +106,7 @@ public function reset($flag = 0) {
 
 	private function setLastAccessTime($time){
 		$lastAccessTime = array($this->id=>$time);
-		$cachePaths = array_reverse(explode(".", $this->_lasAccessKey));
+		$cachePaths = array_reverse(explode(".", self::_lasAccessKey));
 		foreach ($cachePaths as $cachePath){
 			$lastAccessTime = array($cachePath=>$lastAccessTime);
 		}
@@ -118,7 +118,7 @@ private function removeSessionSetCookieHeader($sessionName){
 		$cookiesToBeRestored = array();
 		foreach ($headers as $header){
 			if(strpos($header, "Set-Cookie:") === 0){
-				// SetCookiee Header
+				// SetCookie Header
 				if(strpos($header, "Set-Cookie: $sessionName=") !== 0){
 					// not a session SetCookie header
 					$cookiesToBeRestored[] = $header;
@@ -127,7 +127,7 @@ private function removeSessionSetCookieHeader($sessionName){
 		}
 		header_remove("Set-Cookie");
 		foreach ($cookiesToBeRestored as $header){
-			header($header);
+			header($header,false);
 		}
 	}