CGI::Session files are only MARKED for deletion with delete(). They are actually deleted on next access. Thus, if that session ID gets lost somehow, it will never get deleted.

There was a previous discussion similar to this not too long ago.

I created a snippet to delete all expired sessions.

Update: I took a look at CGI::Session again. Apparently flush() is called in the destructor, which calls remove() if the session is to be deleted. Hrmm, odd. Maybe try calling flush() explicitly after the delete?

HTH

Here's the snippet:


my $session = new CGI::Session(undef, $query,{Directory=>"/tmp/data"})
+;

$cookie = $query->cookie(CGISESSID => $session->id );
print $query->header(-cookie=>$cookie);

print $query->start_html( "Blah Blah" );

$session->delete( );
$session->flush();
[download]

As you can see, I did try calling flush, but it doesn't help. I read your snippet (before posting no less 8-), but I thought that code was for maintenance of sessions that were abandoned.

The CGI::Session::File.pm code does an unlink on the file, but I haven't tried tracing the excetuion. Thanks again.

True, it is for expired sessions rather than explicitly deleted sessions but here's a one line change to do both:

Change

if ( time() >= $D->{ _SESSION_ETIME } + $D->{ _SESSION_ATIME } ) {
[download]

To

if ( time() >= $D->{ _SESSION_ETIME } + $D->{ _SESSION_ATIME } or $D->
+{ _STATUS } == 2 ) {
[download]

Warning: untested.

--
"To err is human, but to really foul things up you need a computer." --Paul Ehrlich

I've found that often when trying to boil a problem down to a presentable snippet I discover the solution myself. YMMV. At very least, doing so will provide us with something to look at to pinpint the issue.