This is an old revision of the document!

PHP RFC: Your Title Here

  • Version: 0.9
  • Create Date: 2014-03-13
  • Modify Date: 2014-03-13
  • Author: Yasuo Ohgaki, yohgaki@ohgaki.net
  • Status: Draft


Current session GC depends on probability. Thus, low traffic sites would not delete expired session data and could be usable as valid session. Traffic varies day and night time for high traffic sites. Chances are high that expired session may not be deleted as it should.

The best way to purge old session data is executing GC periodically.


Option 1 - Let user call GC

  • Add session_gc() API.
  • Document calling session_gc() periodically is the best practice.

Option 2 - Change save handler

  • Let save handlers to check last GC time.
  • If last GC time is over session.expire, then execute GC.

Backward Incompatible Changes


Proposed PHP Version(s)

PHP 5.x+

SAPIs Impacted


Impact to Existing Extensions

  • Option 1 : Session module have new API (session_gc())
  • Option 2 : Session save handlers including 3rd party modules.

New Constants


php.ini Defaults

No INI changes

If there are any php.ini settings then list:

  • hardcoded default values
  • php.ini-development values
  • php.ini-production values

Open Issues


Unaffected PHP Functionality

Future Scope

Removing probability based GC.

Proposed Voting Choices

VOTE: 2014/XX/XX - 2014/XX/XX

Deprecate INI functions
Real name Keep current Option 1 (session_gc()) Option 2 (Modify save handlers)
Final result: 0 0 0
This poll has been closed.

State whether this project requires a 2/3 or 50%+1 majority (see voting)

Patches and Tests



After the project is implemented, this section should contain

  1. the version(s) it was merged to
  2. a link to the git commit(s)
  3. a link to the PHP manual entry for the feature


Links to external references, discussions or RFCs

Rejected Features

Keep this updated with features that were discussed on the mail lists.

rfc/session-gc.1394680803.txt.gz · Last modified: 2017/09/22 13:28 (external edit)