I cringe when I see rm being used with some unknown parameter, seemingly derived from a web page.

For the love of your computer system, please run a shell or perl script instead, which does some amount of checking before a remove. It's only a matter of time before that rm comes back to bite you where the sun never shines. Imagine $session_file set to "-rf /" or "*" somehow. Sure, it can "never happen". Just wait.