This project is not covered by Drupal’s security advisory policy.

Expires rows from the session table older than a certain time.


By default, Drupal ships with a session expiration time of just over 23 days, using this directive in settings.php:

ini_set('session.cookie_lifetime',  2000000);

However, for this to work automatically, it requires PHP's garbage collection to be configured correctly.

Since some distributions, e.g. Debian and Ubuntu do not ship with PHP defaults that triggers PHP garbage collection, there is a need to also set the following:

ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);

This will work, but has some drawbacks:

  • It will be triggered at some random time, rather than at a predictable time.
  • It could slow the response for the unlucky user who happens to trigger it.

So, on sites with a distribution that is not setup as above, or on really busy sites, the sessions table can grow to be very large, and that can cause slow accesses to it, as well as slow writes due to locking, leading to performance bottlenecks.


This module moves this functionality to cron, and hence is a background process, and is consistent and predictable regardless of PHP's garbage collection configuration of your distribution.

Using this module, the advantages are:

  • This module trims the sessions table on a regular basis, and therefore performance bottlenecks caused by a large session table are avoided (mainly slow queries).
  • This module will work regardless of how PHP is setup, and will work on all distributions.
  • This module executes from cron, and therefore happens in the background, not at random when someone is browsing the site, subject to the unpredictable whims of garbage collection of PHP.
  • This module makes it more predictable when sessions are expired, specially when paired with Elysia cron. For example, it can be set to trigger on 3 am in the morning when traffic is at its lowest, or on the weekend.
  • This module is also more configurable since you can expire logged in or anonymous or both.


This module was proposed as a change to core in #72856: Expire Anonymous user sessions, but there was lack of consensus on it.

This module may be an incomplete, even useless, solution for sites which store sessions in Memcached.


To install, copy the module's directory and all its contents to your modules directory.


To enable this module, visit Administer -> Site building -> Modules.

To configure it, go to Administer -> Site configuration -> Session Expire.

The default settings are suitable for most sites, but you can adjust them to your particular needs. The instructions there should be self explanatory.


This module was developed with sponsorship funding from the following sites:


Khalid Baheyeldin of

The author can also be contacted for paid customizations of this module as well as Drupal consulting,
installation, development, and customizations.

Project information