CHANGE: anonymous sessions (sessions created when user download the login page) have now a lifetime of 5 minutes (new MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME PHP constant) and are cleaned when have expired.

Pascal MARTINEZ · Pascal MARTINEZ · commit 99449d547f41 · 2025-08-13T21:40:10.000+02:00
CHANGE: the value of the new `MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME` PHP constant is displayed in the session configuration modal dialog.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGE LOG: User sessions (z4m_usersessions)
 
+## Version 1.4, 2025-08-11
+- CHANGE: anonymous sessions (sessions created when user download the login page) have now a lifetime of 5 minutes (new `MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME` PHP constant) and are cleaned when have expired.
+- CHANGE: the value of the new `MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME` PHP constant is displayed in the session configuration modal dialog.
+
 ## Version 1.3, 2025-06-27
 - BUG FIXING: E_WARNING - unserialize(): Extra data starting at offset 406 of 1042 bytes - ./engine/modules/z4m_usersessions/mod/UserSessionFile.php(78)
 
diff --git a/mod/UserSessionManager.php b/mod/UserSessionManager.php
@@ -19,8 +19,8 @@
  * --------------------------------------------------------------------
  * ZnetDK 4 Mobile User sessions class
  *
- * File version: 1.0
- * Last update: 06/10/2025
+ * File version: 1.1
+ * Last update: 08/13/2025
  */
 
 namespace z4m_usersessions\mod;
@@ -32,17 +32,74 @@ class UserSessionManager {
 
     /**
      * Clean expired user sessions by calling the PHP session_gc() function.
+     * if MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME PHP constant is set,
+     * anonymous sessions are also cleaned after the lifetime indicated.
      * @param boolean $isCurrentSessionDestroyed When set to TRUE, the current
      * user session is destroyed (PHP session_destroy() function) after session
      * cleaning.
-     * @return string Message indicating the number of cleaned sessions. 
+     * @return string Message indicating the number of cleaned sessions.
      */
-    static public function clean($isCurrentSessionDestroyed) {
+    static public function clean($isCurrentSessionDestroyed, $includeReport = FALSE) {
         $count = session_gc();
+        if ($count === FALSE) {
+            $report = "Failed to remove sessions by the garbage collector. ";
+        } else {
+            $report = "{$count} sessions removed by the garbage collector. ";
+        }
+        session_write_close(); // Avoid error "Session file xxx is empty".
+        try {
+            $count2 = self::cleanAnonymousSessions();
+            $report .= "{$count2} anonymous sessions removed. ";
+            $count += $count2;
+        } catch (\Exception $ex) {
+            $report .= 'Error cleaning anonymous sessions: ' . $ex->getMessage() . ' ';
+        }
         if ($isCurrentSessionDestroyed) {
-            session_destroy();
+            session_start();
+            $destroyStatus = session_destroy();
+            $report .= $destroyStatus ? 'Current session is destroyed. ' : 'Failed to destroy current session.';
+        }
+        return \General::getFilledMessage(MOD_Z4M_USERSESSIONS_ACTION_CLEAN_SUCCESS, $count)
+                . ($includeReport ? ' EXTRA INFOS: ' . $report : '');
+    }
+
+    static protected function cleanAnonymousSessions() {
+        $now = new \DateTime('now');
+        $anonymousSessionsLifetime = MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME;
+        if (is_null($anonymousSessionsLifetime)
+                || !is_int($anonymousSessionsLifetime) || $anonymousSessionsLifetime < 1) {
+            return 0;
+        }
+        $rows = [];
+        try {
+            self::getSessionDataFromFiles($rows, NULL, NULL, TRUE);
+        } catch (\Exception $ex) {
+            throw new \Exception('Error getting session data from files: ' . $ex->getMessage());
         }
-        return \General::getFilledMessage(MOD_Z4M_USERSESSIONS_ACTION_CLEAN_SUCCESS, $count);
+        $sessionFilesToRemove = [];
+        foreach ($rows as $row) {
+            if (key_exists('login_name', $row)
+                    || in_array($row['file_path'], $sessionFilesToRemove)) {
+                continue;
+            }
+            $startDateTime = new \DateTime();
+            $startDateTime->setTimestamp($row['session_timestamp']);
+            $endDateTime = Z4MUserSessionFile::calculateSessionEndDateTime($startDateTime, FALSE, TRUE);
+            if ($now > $endDateTime) {
+                $sessionFilesToRemove[] = $row['file_path'];
+            }
+        }
+        $count = 0;
+        foreach ($sessionFilesToRemove as $sessionFilePath) {
+            try {
+                $sessionFile = new Z4MUserSessionFile($sessionFilePath);
+            } catch (\Exception $ex) {
+                throw new \Exception("Error removing session file '{$sessionFilePath}': " . $ex->getMessage());
+            }
+            $sessionFile->remove();
+            $count++;
+        }
+        return $count;
     }
 
     /**
diff --git a/mod/Z4MUserSessionFile.php b/mod/Z4MUserSessionFile.php
@@ -19,8 +19,8 @@
  * --------------------------------------------------------------------
  * ZnetDK 4 Mobile User sessions module PHP class
  *
- * File version: 1.1
- * Last update: 06/15/2025
+ * File version: 1.2
+ * Last update: 08/11/2025
  */
 
 namespace z4m_usersessions\mod;
@@ -67,7 +67,7 @@ public function convertSessionDataToDatalistRows($withFilePath = FALSE) {
         $thisAppURI = MOD_Z4M_USERSESSIONS_APPLICATION_URI === NULL
                 ? \General::getAbsoluteURI() : MOD_Z4M_USERSESSIONS_APPLICATION_URI;
         foreach ($decodedSessionData as $appKey => $sessionData) {
-            if (!is_array($sessionData) || ($thisAppURI !== 'ALL' 
+            if (!is_array($sessionData) || ($thisAppURI !== 'ALL'
                     && strpos($appKey, $thisAppURI) !== 0)) {
                 // This is not session data for this App
                 continue;
@@ -113,9 +113,10 @@ protected function extractInfosFromSessionData($sessionData, $applicationKey) {
         $startDateTime = new \DateTime();
         $startDateTime->setTimestamp($sessionTimestamp);
         $lastTimeAccess = key_exists('last_time_access', $sessionData) ? $sessionData['last_time_access'] : FALSE;
-        $endDateTime = self::calculateSessionEndDateTime($startDateTime, $lastTimeAccess);
         $returnedRow = array_intersect_key($sessionData, array_flip(['login_name', 'ip_address', 'user_name']));
-        if (!key_exists('user_name', $returnedRow)) {
+        $isAnonymous = !key_exists('user_name', $returnedRow);
+        $endDateTime = self::calculateSessionEndDateTime($startDateTime, $lastTimeAccess, $isAnonymous);
+        if ($isAnonymous) {
             $returnedRow['user_name'] = MOD_Z4M_USERSESSIONS_LIST_UNKNOWNUSER_LABEL;
         }
         $returnedRow['application_key'] = $applicationKey;
@@ -128,15 +129,24 @@ protected function extractInfosFromSessionData($sessionData, $applicationKey) {
     }
 
     /**
-     * Calculates session end time from the session start time and the 
-     * session.gc_maxlifetime. If session is opened in public mode, the last 
+     * Calculates session end time from the session start time and the
+     * session.gc_maxlifetime. If session is opened in public mode, the last
      * access time is used instead of session.gc_maxlifetime.
+     * For anonymous sessions, the end date time is calculated from the session
+     * lifetime set via the MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME PHP
+     * constant.
      * @param \DateTime $startDateTime Last session modification time
-     * @param \DateTime|FALSE $lastTimeAccess Last time access 
+     * @param \DateTime|FALSE $lastTimeAccess Last time access
+     * @param Boolean $isAnonymous If TRUE, this is an anonymous session.
      * @return \DateTime Calculated end time.
      */
-    static protected function calculateSessionEndDateTime(\DateTime $startDateTime, $lastTimeAccess) {
-        if ($lastTimeAccess === FALSE) { // Private access
+    static public function calculateSessionEndDateTime(\DateTime $startDateTime, $lastTimeAccess, $isAnonymous) {
+        $anonymousSessionsLifetime = MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME;
+        if ($isAnonymous && !is_null($anonymousSessionsLifetime)
+                && is_int($anonymousSessionsLifetime) && $anonymousSessionsLifetime > 0) {
+            $endDateTime = clone $startDateTime;
+            $endDateTime->add(new \DateInterval("PT{$anonymousSessionsLifetime}S"));
+        } elseif ($lastTimeAccess === FALSE) { // Private access
             $endDateTime = clone $startDateTime;
             $maxLifeTime = ini_get('session.gc_maxlifetime'); // In seconds
             $endDateTime->add(new \DateInterval("PT{$maxLifeTime}S"));
diff --git a/mod/config.php b/mod/config.php
@@ -18,8 +18,8 @@
  * --------------------------------------------------------------------
  * Parameters of the ZnetDK 4 Mobile User sessions module
  *
- * File version: 1.3
- * Last update: 07/29/2025
+ * File version: 1.4
+ * Last update: 08/11/2025
  */
 
 
@@ -33,6 +33,18 @@
  */
 define('MOD_Z4M_USERSESSIONS_APPLICATION_URI', NULL);
 
+/**
+ * Lifetime in seconds of an anonymous session.
+ * An anononymous session is a user session created when user display the login
+ * page.
+ * @var int|NULL The anonymous session lifetime in seconds.
+ * If NULL, the anonymous sessions are not cleaned by the
+ * UserSessionManager::clean() method.
+ * If lifetime is set, anonymous session are cleaned after the indicated
+ * deadline.
+ */
+define('MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME', 300);
+
 /**
  * Color scheme applied to the User sessions view.
  * @var array|NULL Colors used to display the view. The expected array keys are
@@ -47,9 +59,9 @@
  * Module version number
  * @return string Version
  */
-define('MOD_Z4M_USERSESSIONS_VERSION_NUMBER','1.3');
+define('MOD_Z4M_USERSESSIONS_VERSION_NUMBER','1.4');
 /**
  * Module version date
  * @return string Date in W3C format
  */
-define('MOD_Z4M_USERSESSIONS_VERSION_DATE','2025-07-29');
+define('MOD_Z4M_USERSESSIONS_VERSION_DATE','2025-08-11');
diff --git a/mod/view/fragment/settings_modal.php b/mod/view/fragment/settings_modal.php
@@ -19,8 +19,8 @@
  * --------------------------------------------------------------------
  * ZnetDK 4 Mobile User sessions module view fragment
  * 
- * File version: 1.1
- * Last update: 06/15/2025
+ * File version: 1.2
+ * Last update: 08/11/2025
  */
 ?>
 <div id="z4m-user-sessions-settings-modal" class="w3-modal">
@@ -80,6 +80,11 @@
                             <td class="w3-monospace">-</td>
                             <th class="w3-monospace"><?php echo MOD_Z4M_USERSESSIONS_APPLICATION_URI === NULL ? 'null' : "'" . MOD_Z4M_USERSESSIONS_APPLICATION_URI . "'"; ?></th>
                         </tr>
+                        <tr>
+                            <td class="param">MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME</td>
+                            <td class="w3-monospace">-</td>
+                            <th class="w3-monospace"><?php echo MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME === NULL ? 'null' : MOD_Z4M_USERSESSIONS_ANONYMOUS_SESSION_LIFETIME; ?></th>
+                        </tr>
                     </tbody>
                 </table>
             </div>
