php - Does CodeIgniter's ci_sessions need occasional emptying?


I am using CI's sessions in connection with a database. So all of our sessions are in this ci_sessions table on our database and it can get a lot of rows, considering that the session_id keep changing every 5 minutes.

Do we need to empty the table, say every one a month / week maybe?




While what @Marc-Audet said is true, if you take a look at the code, you can see it is a really lousy way to clean up sessions.

The constructor calls the_sess_gc function every time it is initiated. So, basically each request to your server if you have it autoloaded.

Then, it generates a random number below 100 and sees if that's below a certain value (by default it is 5). If this condition is met, then it will remove any rows on the session table withlast_activity value less than current time minus your session expiration.

While this works for most cases, it is technically possible that (if the world is truly random) the random number generator does not generate a number below 5 for a long time, in which case, your sessions will not be cleaned up.

Also, if you have your session expiry time set to a long time (if you set to 0, CI will set it to 2 years) then those rows are not going to get deleted anyway. And if your site is good enough to get a decent amount of visitors, your DBA will be pointing fingers at the session table some time soon :)

It works for most cases - but I would not call it a proper solution. Their session id regeneration really should have been built to remove the records pertaining to the previous ids and the garbage collection really should not be left to a random number - in theory, it is possible that the required number is not generated as frequently as you wished.

In our case, I have removed the session garbage collection from the session library and I manually take care of it once a day (with a cron job .. and a reasonable session expiration time). This reduces the number of unnecessary hits to the DB and also does not leave a massive table in the DB. It is still a big table, but lot smaller than what it used to be.




Given the fact that the OP question doesn't have a CodeIgniter 2 tag, I'll answer how to deal with sessions cleanup when the database keeps growing for CodeIgniter 3.

When you set (in the config.php file)sess_expiration key too high (let's say 1 year) andsess_time_to_update key low (let's say 5 min), the session table will keep growing as the users browse though your website, until sessions rows will expire and will be garbage collected (which is 1 year).

Settingsess_regenerate_destroy key toTRUE (default set toFALSE) will delete an old session when it will regenerate itself with the new id, thus cleaning your table automatically.




No, CodeIgniter cleans up after itself...

According to the CodeIgniter documentation:

The Session class has built-in garbage collection which clears out expired sessions so you do not need to write your own routine to do it.

CodeIgniter's Session Class probably checks the session table and cleans up expired entries. However, the documentation does not say when the clean up happens. Since there are no cron jobs as part of CodeIgniter, the clean up must occur when the Session class is invoked. I suppose if the site remains idle forever, the session table will never be cleared. But, this would be an unusual case.




CodeIgniter implements the SessionHandlerInterface (see the docs for the custom driver).

CodeIgniter defines a garbage collector method named gc() for each driver (database, file, redis, etc) or you can define your custom gc() for your custom driver.

The gc() method is passed to PHP with the session_set_save_handler() function, therefore the garbage collector is called internally by PHP based on session.gc_divisor, session.gc_probability settings.

For example, with the following settings:

session.gc_probability = 1
session.gc_divisor = 100

There is a 1% chance that the garbage collector process starts on each request.

So, you do not need to clean the session table if your settings are properly set.




When you call:


It deletes the information in database by itself.




It is always good practice to clear the table. Otherwise, if your querying the session data for say creating reports or something, it will be slow and unreliable. Nevertheless, given the performance of mysql, yes do so.

People are also looking for solutions to the problem: php - cURL login loses session variables when redirected


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.