I am building a web-app that users can upload certain files and work on them through the web-app interface. I need to store these files for the length of a users session. I am creating a folder for each user using the session_id as the folder name and storing the files in there.

The problem: There is nothing to indicate that a user walked away from my site and the session is going out of use. I need a cleanup script that takes the name of each folder and checks if that session_id is still active in order to delete unused and now unreachable folders. How can I do this?

I have had precisely the same issue. My solution was to check for the session file:

<?php
// clean-up script.  Get cron/windows task scheduler to run this every hour or so

// this is the path where PHP saves session files
$session_path = ini_get('session.save_path');

// this is the directory where you have created your folders that named after the session_id:
$session_files_dir = '/path/to/your/save/dir';

// loop through all sub-directories in the above folder to get all session ids with saved files:

if ($handle = opendir($session_files_dir)) {

    while (false !== ($file = readdir($handle))) {

        // ignore the pseudo-entries:
        if ($file != '.' && $file != '..') {

            // check whether php has cleaned up the session file
            if (  file_exists("$session_path/sess_$file")  ) {
                // session is still alive
            } else {
                // session has expired
                // do your own garbage collection here
            }

        }
    }

    closedir($handle);
}

?>

Note that this assumes that the session.save_handler ini setting is set to "files", the session.save_path setting does not have the directory-level prefix (i.e. does not match regex /^\d+;/ ) and that php's automatic session garbage collection is enabled. If either of the above assumptions are not true then you should be implementing manual session garbage collection anyway, so can add your clean-up code to that.

This also assumes that the only files in $session_files_dir are your per-session folders and they are all named after their associated session_id.

The problem you have is basically the same problem (on a less complex level) that occurs when you have got a custom session file directory. You need to clean it up yourself as well. The process is also known as garbage collection.

This is normally done by having a janitor job running on the server side that checks for outdated session files, or in your example, for outdated session directories (this can be a cron job).

This is how it works:

Most file-systems store the creation and last access date of a file. So if a session times out it has not been used any longer for X hours. So you can safely assume that if a session file has not been accessed within the last X hours that the session is dead and all files "older" than this amount of time can be safely deleted.

Job done. For your directory you might want to add a file inside you'd like to use as a testfile to track access time.

The php manual has some examples of that: http://www.php.net/manual/en/session.configuration.php#ini.session.save-path (look for the mod_files.sh script)

I found this helpful / I think it addresses your question:

Best place to store large amounts of session data

If you have access to the crontab or scheduled tasks of the server you could create a php file that only is allowed to execute locally which checks the expiration Date/Time value of all sessions found in your database. Each time a user updates this expiration Date/Time value would be updated to their next timeout value (+30 minutes, etc.).

Your scheduled task/crontab would find all those users who idled out and clean up the mess they left without logging off. I wouldn't suggest to have your scheduled task/crontab run too often. At least have the reoccurance spaced out a number of minutes that makes sense for your situation.