Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This project is not covered by Drupal’s security advisory policy.
Expires rows from the session table older than a certain time.
Background
By default, Drupal ships with a session expiration time of just over 23 days, using this directive in settings.php:
ini_set('session.cookie_lifetime', 2000000);
However, for this to work automatically, it requires PHP's garbage collection to be configured correctly.
Since some distributions, e.g. Debian and Ubuntu do not ship with PHP defaults that triggers PHP garbage collection, there is a need to also set the following:
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
This will work, but has some drawbacks:
- It will be triggered at some random time, rather than at a predictable time.
- It could slow the response for the unlucky user who happens to trigger it.
So, on sites with a distribution that is not setup as above, or on really busy sites, the sessions table can grow to be very large, and that can cause slow accesses to it, as well as slow writes due to locking, leading to performance bottlenecks.
Advantages
This module moves this functionality to cron, and hence is a background process, and is consistent and predictable regardless of PHP's garbage collection configuration of your distribution.
Using this module, the advantages are:
- This module trims the sessions table on a regular basis, and therefore performance bottlenecks caused by a large session table are avoided (mainly slow queries).
- This module will work regardless of how PHP is setup, and will work on all distributions.
- This module executes from cron, and therefore happens in the background, not at random when someone is browsing the site, subject to the unpredictable whims of garbage collection of PHP.
- This module makes it more predictable when sessions are expired, specially when paired with Elysia cron. For example, it can be set to trigger on 3 am in the morning when traffic is at its lowest, or on the weekend.
This module is also more configurable since you can expire logged in or anonymous or both.
Notes
This module was proposed as a change to core in #72856: Expire Anonymous user sessions, but there was lack of consensus on it.
This module may be an incomplete, even useless, solution for sites which store sessions in Memcached.
Installation
To install, copy the module's directory and all its contents to your modules directory.
Configuration
To enable this module, visit Administer -> Site building -> Modules.
To configure it, go to Administer -> Site configuration -> Session Expire.
The default settings are suitable for most sites, but you can adjust them to your particular needs. The instructions there should be self explanatory.
Sponsors
This module was developed with sponsorship funding from the following sites:
Author
Khalid Baheyeldin of 2bits.com.
The author can also be contacted for paid customizations of this module as well as Drupal consulting,
installation, development, and customizations.
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Administration Tools, Access Control, Developer Tools
918 sites report using this module- Created by kbahey on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
Releases
7.x-1.0-alpha1
released 31 August 2011
Works with Drupal: 7.x
Development version: 7.x-1.x-dev updated 28 Nov 2014 at 21:13 UTC
