PHP session management and temporary file cleanup

By default, PHP manages sessions during requests. This simplifies installation, because no cron job is required. For performance tuning, several configuration settings adjust how often the session cleanup check runs and how often the cleanup itself is executed.

In the default php.ini, there is the following line:

cd /path/to/sessions; find -cmin +24 | xargs rm

Added as a cron job, this can be executed at set intervals (every one to five minutes is probably good) to clear the session file storage directory of files older than 24 minutes. Once implemented, the find command can replace the default PHP session cleanup, so those configuration variables can be set to never check for session timeouts. This will speed up PHP processing, although the gain may be imperceptible. It will also improve your control of session length, because the checking and clearing are executed based on time, not PHP requests.

Name any temporary files required to support the session with the session id, plus an extension to indicate the type and use. For example: 4365kh2kj54dfg2kjh12.wav, 4365kh2kj54dfg2kjh12.rpt.txt, 4365kh2kj54dfg2kjh12.rpt.html. This allows a second session cleanup script to take the session id from each temporary file’s basename, check whether the matching session file is still present, and delete the temporary files when it is not. The second session cleanup script can be included in the main PHP script or run as a separate cron job, unless the contents of the temporary files could be considered protected data, in which case they should be removed as soon as the session is terminated.

If authentication (logout) is also used to destroy sessions, a mechanism should be provided to clear any related sensitive files.
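The cron-based cleanup described above, as an added example that is not from php.ini or the original post: it expires idle session files, then removes temporary files whose session file no longer exists. It assumes the default files handler's sess_<id> file naming, takes hypothetical directory arguments, and uses -mmin where the php.ini line uses -cmin.

```shell
#!/bin/sh
# Added example: cleanup of PHP session files and the temporary files
# named after them. Directory paths and MAX_MIN are caller-supplied
# assumptions, e.g. from a cron entry running every few minutes.

# cleanup_sessions SESS_DIR TMP_DIR MAX_MIN
# Prints the number of orphaned temporary files removed.
cleanup_sessions() {
    sess_dir=$1 tmp_dir=$2 max_min=$3 removed=0

    # Refuse to run against a missing directory.
    [ -d "$sess_dir" ] && [ -d "$tmp_dir" ] || return 2

    # Step 1: expire sessions idle for more than MAX_MIN minutes.
    # -type f skips the directory itself; -exec avoids the word
    # splitting that "find | xargs rm" applies to odd file names.
    find "$sess_dir" -maxdepth 1 -type f -name 'sess_*' \
        -mmin "+$max_min" -exec rm -f -- {} +

    # Step 2: remove temporary files whose session is gone.
    for f in "$tmp_dir"/*.*; do
        # Regular files only; never follow symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        base=${f##*/}      # 4365kh2kj54dfg2kjh12.rpt.txt
        sid=${base%%.*}    # 4365kh2kj54dfg2kjh12
        # Only act on names that look like a session id, so unrelated
        # files in the same directory are left alone.
        case $sid in
            ''|*[!A-Za-z0-9,-]*) continue ;;
        esac
        if [ ! -e "$sess_dir/sess_$sid" ]; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Run directly when called with three arguments (for example from cron).
if [ "$#" -eq 3 ]; then
    cleanup_sessions "$@"
fi
```

Because the file names contain the session id, the temporary directory in this sketch is assumed to be outside the web root.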

Questions to Ask References for Web Development Companies

Check references for sites similar to the one you would like.

Key questions / topics:

  • Tell them about how much you are willing to spend to get an idea of what the site cost. If your budget is far below the site cost, it may not be a good match.
  • Was the work done on time and within the budget?
  • Are there any recurring fees? Hosting? Maintenance?
  • Issues with email, including spam?
  • Problem resolution - was the company helpful when difficulties arose or changes were requested?

javascript - Common applications

I consider javascript the language of last resort. The browser compatibility and security issues associated with it can make it the most complex part of a page. For this reason, I strive to deliver pages to the browser ready for display. This isn’t always possible.

javascript is a vital part of web development, and I use it a lot, but carefully. The following list describes some of the most common uses of javascript:

  • Alert boxes (usually just debugging)
  • Confirm boxes - great for ‘Are you sure … ‘ processing
  • Detection of form inputs changed to ensure user doesn’t lose changes
  • Changing state of buttons and inputs to disabled/readonly and back again
  • Changing status displays, like colors or text on the page
  • Opening new windows (window.open), often used for help and … Easter Eggs :)
  • Timers (see post about Ladybug)
  • Google (and other) Map APIs - these are cool http://code.google.com/apis/maps/documentation/
  • Hiding content / menuing, using style.display="block/inline/none"
  • Client-side validation and assisting the user in correcting errors; input must be revalidated on the server side
  • Page level validation - Ensuring that inputs are not only valid, but valid with respect to each other - for example, if the status is ‘extended absence’, a return date must be specified. As mentioned above, server-side validation must also be performed.
  • RIAs (Rich Internet Applications) - Sophisticated interfaces. These are usually based off javascript libraries & kits like dojo. Fundamental javascript skills are vital to work with the toolkits.
  • Control of players - like Windows Media player and Flash
  • Browser-specific page adjustments that can’t be done on the server-side
  • Used to add things like Google analytics, support external data collection systems http://www.google.com/analytics/, also Google ads
  • Choosing different .CSS files - often used to assist visually impaired site visitors with text size or color choices
  • AJAX
  • Input interaction - For example, if one input is chosen, another may be presented or set to a specific value

Google Map - Flying Ladybug (US)

The code snippet below allows you to add a ladybug (or any other image), to fly over a map. The coordinate boundaries are for the United States (min_lon, min_lat, max_lon, max_lat), but you can change them to suit your needs.

After a random number of seconds, the ladybug lands on the map. When the site visitor moves the mouse over the ladybug, she will fly to a different, random point on the map. This continues forever. The site visitor will tire of this long before the ladybug does. :)

This piece of code was named cartesian/optimize.js and included in the page with a script tag. This allows you to quickly remove the code prior to deployment.

Recommended application … none. This is strictly for fun.

// Assumes the Google Maps objects used below and a global `map` are already loaded.
var bugIcon = new GIcon();
bugIcon.iconSize = new GSize(32, 32);
bugIcon.shadowSize = new GSize(0, 0);
bugIcon.iconAnchor = new GPoint(16, 32);
bugIcon.infoWindowAnchor = new GPoint(16, 0);
var bugFlag = new GIcon(bugIcon, 'cartesian/bug.gif', null, null);

// Bounding box for the United States (west edge is the smaller longitude)
var min_lon = -130;
var min_lat = 30;
var max_lon = -70;
var max_lat = 50;
var lat_range = max_lat - min_lat;
var lon_range = max_lon - min_lon;

var bug = null;

// Land the ladybug at a random point inside the bounding box
function makeBug()
{
    var lat = (Math.random() * lat_range) + min_lat;
    var lon = (Math.random() * lon_range) + min_lon;
    bug = new GMarker(new GLatLng(lat, lon), bugFlag);
    map.addOverlay(bug);
    GEvent.addListener(bug, "mouseover", flyBug);
}

// On mouseover, remove the ladybug and land her somewhere else
function flyBug()
{
    map.removeOverlay(bug);
    makeBug();
}

// Pass the function itself; a string argument is evaluated like eval()
window.setTimeout(makeBug, 25000 * Math.random());

Thank You Malwarebytes

I don’t often “surf the ’net”, visiting unfamiliar sites. Most of my Internet access is in search of LAMP/RIA technical resources and answers, as well as contributing my own through this blog and on the appropriate sites.

Recently, I was checking a search engine for entries related to a site and I clicked on htxx:–aolpsycho.com-d-www.stkc.org (the xxs and -s are there to prevent it from being a real URL). It infected my computer with a nasty virus. Key filenames: brastk.exe, beep.sys, delself.bat, bnokdcme.exe, as well as others and registry corruption. It prevented execution of autoruns.exe, although renaming autoruns to a different name allowed it to run. It put a little red X image in the taskbar, prompting me to click to download ‘Antivirus2009’.

I won’t describe how the files were identified, or any of the other resolution tactics - to avoid assisting the authors. However, if it shows up on your computer, the posted link solved the problem on this machine very nicely.

Sincere thanks to the author and I will purchase a copy of the product.