Abandoned sessions (e.g. a user session is created and the user never returns) will never be accessed again so the CGI::Session will never check to see if they have expired.
The following code can be run from the command line and will delete expired session files (and will print out the IDs that have been deleted). NOTE: I've only minimally tested this on Win2k. You might want to perform some thorough testing before deploying this in a production environment.
use strict;
use File::Find;
use CGI::Session;
use constant SESSION_DIR => '/tmp/';
find( \&wanted, SESSION_DIR );
sub wanted {
return unless /^cgisess_(.*)/;
my $s = CGI::Session->new( undef, $1, { Directory => SESSION_DIR }
+ );
$s->delete && print "$1\n" if $s->is_new;
}
The code will look through all "cgisess" files, assuming they're stored in /tmp. If the session has expired it will be auto-deleted by CGI::Session. However, CGI::Session then creates a NEW session, so we have to delete it before we exit out or we'll just create a new file to replace the one we've deleted! CAVEAT: This code modifies the ATIME on un-expired sessions.
--
"To err is human, but to really foul things up you need a computer." --Paul Ehrlich