man CGI::Session::ExpireSessions () - Delete expired CGI::Session db-based and file-based sessions


CWCGI::Session::ExpireSessions - Delete expired CGI::Session db-based and file-based sessions



        use strict;
        use warnings;

        use CGI::Session::ExpireSessions;
        use DBI;

        # -----------------------------------------------

        my($dbh) = DBI -> connect
            AutoCommit         => 1,
            PrintError         => 0,
            RaiseError         => 1,
            ShowErrorStatement => 1,

        CGI::Session::ExpireSessions -> new(dbh => $dbh, verbose => 1) -> expire_db_sessions();
        CGI::Session::ExpireSessions -> new(temp_dir => '/tmp', verbose => 1) -> expire_file_sessions();


CWCGI::Session::ExpireSessions is a pure Perl module.

It deletes CGI::Session-type sessions which have passed their use-by date.

It works with CGI::Session-type sessions in a database or in disk files, but does not work with CGI::Session::PureSQL-type sessions.

Sessions can be expired under one of three conditions:

You deem the session to be expired as of now
You want the session to be expired and hence deleted now because it's last access time is longer ago than the time you specify in the call to new, using the delta parameter. That is, delete the session because the time span, between the last access time and now, is greater than delta. In other words, force sessions to expire. The module has always used this condition to delete sessions.
The session has already expired
This condition is new as of V 1.02. You want the session to be deleted now because it has already expired. That is, you want this module to delete the session, rather than getting CGI::Session to delete it, when CGI::Session would delete the session automatically if you used CGI::Session to retrieve the session. Note: This condition assumes the session's expiration time is defined (it does not have to be).
The file size is <= 5 bytes and was accessed more than 'delta' seconds ago
This condition is new as of V 1.03. See below for how to provide a value of delta to the constructor. CGI::Session sometimes creates a file of size 0 bytes, so this test checks for such files, and deletes them if they are old enough.

Sessions are deleted if any of these conditions is true.

Sessions are deleted from the 'sessions' table in the database, or from the temp directory, depending on how you use CGI::Session.


This module is available both as a Unix-style distro (*.tgz) and an ActiveState-style distro (*.ppd). The latter is shipped in a *.zip file.

See for details.

See for help on unpacking and installing each type of distro.


For file-based sessions, CWCGI::Session::ExpireSessions parses the first line of the file, using eval{}, in an attempt to determine the access and expiration times recorded within the file.

So, if you are uneasy about the security implication of this, don't use this module.

Constructor and initialization

new(...) returns a CWCGI::Session::ExpireSessions object.

This is the class's contructor.

Usage: CGI::Session::ExpireSessions -> new().

This method takes a set of parameters. Only some of these parameters are mandatory.

For each parameter you wish to use, call new as new(param_1 => value_1, ...).

This is a database handle for the database containing the table 'sessions'. Either this parameter is mandatory, or the temp_dir parameter is mandatory.
This is the number of seconds after the last access to the session, which determines whether or not the session will be expired. The default value is 2 * 24 * 60 * 60, which is the number of seconds in 2 days. Sessions which were last accessed more than 2 days ago are expired. This parameter is optional.
This is the name of the database table used to hold the sessions. The default value is 'sessions'. This parameter is optional.
This is the name of the temp directory where you store CGI::Session-type session files. The default value is '/tmp'. Either this parameter is mandatory, or the dbh parameter is mandatory.
This is a integer, 0 or 1, which - when set to 1 - causes progress messages to be written to STDOUT. The default value is 0. This parameter is optional.

Method: expire_db_sessions()

Returns nothing.

This method uses the dbh parameter passed to CWnew() to delete database-type sessions.

Method: expire_file_sessions()

Returns nothing.

This method uses the temp_dir parameter passed to CWnew() to delete file-type sessions.

Example code

See the examples/ directory in the distro.

There is 1 demo file:

Related Modules


Required Modules



CWCGI::Session::ExpireSessions was written by Ron Savage <> in 2004.

Home page:


Australian copyright (c) 2004, Ron Savage. All rights reserved.

        All Programs of mine are 'OSI Certified Open Source Software';
        you can redistribute them and/or modify them under the terms of
        The Artistic License, a copy of which is available at: