seems session_destroy for logout crashes server?

[n3mesis125]

Hey everyone, I seem to have a problem when all of my users logout at the end of their shift using my endshift script. I've provided the script below in case there is something off in my code that may be causing this crash/lag.

 

<?php

include('includes/sessions.inc');
require_once('Connections/db.php');
mysql_select_db($database_db, $db);

$setUser = $_SESSION['userID'];
$shiftstart = $_SESSION['shift_date'];
$servOff = $_SESSION['offset'];
$setTime = time() - $servOff;
$reason = $_POST['sel_eshift'];
$other = $_POST['o_specify'];
$comm = $_POST['es_comm'];

if ($reason == "sick" || $reason == "appointment") { $setEarly = 1; } else { $setEarly = 0; }

$qlog = "SELECT *
	 FROM logins
	 WHERE username='" .$setUser. "' AND start_date='" .$shiftstart. "'";
$rlog = mysql_query($qlog);

while ($row = mysql_fetch_array($rlog)) {
    $cshift = $row['is_early'];
}

if ($reason != "pc_reboot" && $reason != "switch_pc") {

if ($cshift == 1) {
    $query = "UPDATE logins SET cshift_finish1='" .$setTime. "' WHERE username='" .$setUser. "' AND start_date='" .$shiftstart. "'";
} else {
    $query = "UPDATE logins SET finish_time='" .$setTime. "', is_early='" .$setEarly. "', early_type='" .$reason. "', early_info='" .$comm. "' WHERE username='" .$setUser. "' AND start_date='" .$shiftstart. "'";
}

}

$result = mysql_query($query);

session_destroy();

print "<html>";
print "<head>";
print "<title>Back Office - Logout Successful</title>";
print "<script language='javascript'>\n";
print "top.close();\n";
print "</script>";
print "</head>";
print "<body>";
print "</body>";
print "</html>";

?>

 

Whenever multiple people are logging out at the same time the server hangs on this script to log them out. All of the sessions are stored in the path /sessions, I can't for the life of me figure out what is going on that it hangs. Should I not use session_destroy() and just manually delete all of the sessions each day?

[BlueSkyIS]

you don't have to session_destroy if you don't want to. PHP will use it's garbage collecting (gc) to remove sessions as they time out.

[wildteen88]

you don't have to session_destroy if you don't want to. PHP will use it's garbage collecting (gc) to remove sessions as they time out.

garbage collection does not run all the time by default the gc process has something like a 1% of running on each session_start request.

[n3mesis125]

But would session_destroy() cause a huge lag when people are logging out of my system? I didn't seem to bog or lag before but just in the last week it has been doing this and if anyone else is still logged in, the rest of the web interface goes extremely slow and sometimes will display 'page cannot be displayed' errors because of the lag issue when people logout.

[jonsjava]

This may not be the preferred method, but you could set up a "session checker variable" (don't know the proper name, only know how to use it).

 

What you do is set up a session variable that is constant after every login

Example:

$_SESSION['is_valid'] = true;

When someone goes to logout, set all their session variables to null, and set the checker value to false

$_SESSION['is_valid'] = false;

That way you aren't destroying sessions (and hanging the server), you are just setting the variables to null or false. If that doesn't work, you may have too much going on for your server to keep up.

 

As I said, this is not a preferred method, it's just a method that could work in your situation.