You could set up a cron job that does a date/time check and then use 'unlink' to delete them. You may have to open the directory, grab all the files and test each file one by one for the time stamp, if the files are older then X then you delete them.

Here is a thread in which we beat this to death:
[webmasterworld.com...]

My theory is that you should put a timestamp on your sessions table, and then either run a cronjob to delete old sessions, or when someone logs in, delete all of their sessions that are older than some threshhold. Those seem the most reasonable and easiest to implement.

Good luck!

-Andy

thanks, but is there a way to do this without sql? I just have the files written to the directory and nothing else. This is where I'm having the problem

? cron job? makes no sense to me.

-erin

Sure. I don't understand how you're keeping session information, but it sounds like you're making a new file for each user session. In that case, where I say "delete a session", you delete a file.

So, you can either regularly run a program that will delete all files older than some threshold, or when someone logs in, you can delete all of their older sessions, or delete the ones older than some threshold (so that they can be logged in twice at the same time)

? cron job? makes no sense to me.

If you're asking what a cron job is, I described it a bit in that thread to which I referred you. It's a way by which you can have commands executed on a regular basis. If you're on a windows machine, I think there's something like a command scheduler you can use or something like that. You can use this so that you can regularly delete old sessions.