PHP Conference Nagoya 2025

session_gc

(PHP 7 >= 7.1.0, PHP 8)

session_gcPerform session data garbage collection

Description

session_gc(): int|false

session_gc() is used to perform session data GC (garbage collection). PHP does probability based session GC by default.

Probability based GC works somewhat but it has few problems. 1) Low traffic sites' session data may not be deleted within the preferred duration. 2) High traffic sites' GC may be too frequent GC. 3) GC is performed on the user's request and the user will experience a GC delay.

Therefore, it is recommended to execute GC periodically for production systems using, e.g., "cron" for UNIX-like systems. Make sure to disable probability based GC by setting session.gc_probability to 0.

Parameters

This function has no parameters.

Return Values

session_gc() returns number of deleted session data for success, false for failure.

Old save handlers do not return number of deleted session data, but only success/failure flag. If this is the case, number of deleted session data became 1 regardless of actually deleted data.

Examples

Example #1 session_gc() example for task managers like cron

<?php
// Note: This script should be executed by the same user of web server process.

// Need active session to initialize session data storage access.
session_start();

// Executes GC immediately
session_gc();

// Clean up session ID created by session_gc()
session_destroy();
?>

Example #2 session_gc() example for user accessible script

<?php
// Note: session_gc() is recommended to be used by task manager script, but
// it may be used as follows.

// Used for last GC time check
$gc_time = '/tmp/php_session_last_gc';
$gc_period = 1800;

session_start();
// Execute GC only when GC period elapsed.
// i.e. Calling session_gc() every request is waste of resources.
if (file_exists($gc_time)) {
if (
filemtime($gc_time) < time() - $gc_period) {
session_gc();
touch($gc_time);
}
} else {
touch($gc_time);
}
?>

See Also

add a note

User Contributed Notes 1 note

up
0
ridaelkouri at gmail dot com
29 days ago
The session.gc() function does not seem to work alone. it deletes the data on the server but the data remains on the browser in the form of the cookie. the following code deletes the session files on the server but not on the browser.

ini_set('session.gc_maxlifetime', 10);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);

// Start the session
session_start();
$_SESSION['test'] = 'temporary data';

session_write_close();

// Wait for 15 seconds to ensure the session expires
sleep(15);

// Manually start the session again to trigger session handling
session_start();

session_gc();

// Check if the session data is still available
if (isset($_SESSION['test'])) {
echo "Session is still active.";
} else {
echo "Session expired and file deleted.";
}

but this code delete the session files on the server and also deletes the cookie as well as making the super global empty:

session_start();
$_SESSION['test'] = 'temporary data';

session_write_close();

// Wait for 15 seconds to ensure the session expires
sleep(15);

session_start();

// Manually trigger garbage collection
setcookie(session_name(), '', time() - 10);
$_SESSION = [];
session_gc();

// Check if the session data is still available
if (isset($_SESSION['test'])) {
echo "Session is still active.";
} else {
echo "Session expired and file deleted.";
}
To Top