Having switched to a VPS one of the first things that happened was our /tmp partition maxed out with PHP session files. No big deal, just deleted the old ones, but of course this will continue to happen if PHP is not removing timed-out sessions itself. df tells me that a separate device, presumably just some other disk partition, I haven’t checked, is mounted on /tmp with a capacity of just 128M.
Right now I’ve got a cron job that runs every 15 mins and deletes any session file that has not been accessed for 60 minutes or more. This should keep on top of things.
So I guess I’m looking for some advice from others about managing the session files (or getting PHP to do it for me). It’s always something I was curious about - how the PHP interpreter knew when session files could be deleted, how it went about doing so, and why my servers (at home and in public) never ended up flooded with session files. But they didn’t, so my curiosity never got the better of me, I just figured that the issue had obviously also occurred to the PHP folks and that they had it managed.
Is it worth contacting support to ask if the /tmp partition can be any bigger (I guess I should check the mtab first)? Should I reconfigure php.ini to put my session files in a different place on my main storage instead of on the /tmp partition? Should I use database sessions instead of files-based sessions? Or is the problem simply that, because users don’t always log off, some sessions just never get destroyed so the brutal cron job is just a necessary evil?
Thanks in advance.