http://qs1969.pair.com?node_id=70695


in reply to Re: Secure passwords again
in thread Secure passwords again

The alternative to stating a directory full of session files is to give those session files (partly) date related names - ie, they could start with YYYYMMDDHHMM - then, you get a list of the files, sort it, start at the beginning and delete until you find a file which is sufficiently new. Because of the ordering of the list, you know that the rest of the files in the list are new enough not to be deleted.

It all depends on how more expensive a load of system calls compared to a sort () is, I guess. Yet another method would be to have a directory tree that holds the session files - with a directory for each time period, possibly called YYYYMMDDHH. You implement the same culling as above, except now, the actual number of session files has no effect on the culling algorithm - we've grouped all the files created in a one hour period in their own directory, and we're just considering the directories now.

That last method should mean that you only ever have three directories at most - you can't delete the second most recent, because that hasn't necessarily expired. And if a session from one of the older directories is used again, it gets restored in the newest directory. Hopefully that makes sense...