A newbie question for the experts...
I use the following code to move the new session files to my own folder on a shared hosting. Then I use session_regenerate_id(); to prevent session fixation. Then I delete the old session files to prevent someone from getting the old session values from the folder and using them. A friend tells me that session.gc_maxlifetime is better to avoid stress on the server due to the old file deletions.
What do you guys think about it? And how secure is it?
Here is the code:
<?php
// keep session files in a private folder instead of the shared default path
ini_set('session.save_path', 'sessidfolder');
//ini_set('session.gc_maxlifetime', '300'); // 5 mins
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
// start the old session to retrieve $_SESSION data
session_start();
// remember the old session id so its file can be deleted later
$old_sessid = session_id();
// start a new session; this copies the $_SESSION data over
session_regenerate_id();
// hang on to the new session id
$sid = session_id();
// close the old and new sessions
session_write_close();
// re-open the new session
session_id($sid);
session_start();
// delete the old session file from the folder
// (opendir/closedir are not needed for unlink; check first so a missing file
//  does not raise a warning)
$file_name = 'sess_' . $old_sessid;
$dir_name  = 'sessidfolder';
$old_file  = $dir_name . '/' . $file_name;
if (is_file($old_file)) {
    unlink($old_file);
}
Thank You!
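As an added example (not the poster's code), the same goal handled by PHP's own mechanisms: session_regenerate_id(true) removes the old session file itself, and garbage collection driven by session.gc_maxlifetime / session.gc_probability / session.gc_divisor expires stale files without a per-request unlink. The directory name, the 300-second lifetime and the rotateSession() helper are assumptions for illustration.

```php
<?php
// Added example, not the original poster's code. Assumed: a private directory
// 'sessidfolder' (not web-readable) that the web server user can write to.
$savePath = __DIR__ . '/sessidfolder';
if (!is_dir($savePath)) {
    mkdir($savePath, 0700, true);
}

// Keep session files out of the shared /tmp and accept ids from cookies only.
ini_set('session.save_path', $savePath);
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');   // reject ids the server never issued

// Cookie hardening: not readable by JavaScript, only sent over HTTPS.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_samesite', 'Lax');

// Let PHP's garbage collector expire stale files instead of unlinking by hand.
// Files idle longer than gc_maxlifetime (assumed 300 s) are removed on roughly
// 1 in 100 requests; on hosts that disable gc_probability, a cron job can run
// the cleanup instead.
ini_set('session.gc_maxlifetime', '300');
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '100');

session_start();

/**
 * Hypothetical helper: call after a privilege change (e.g. successful login).
 * Passing true makes session_regenerate_id() delete the old session file
 * itself, so no separate unlink is needed and the old id cannot be reused.
 */
function rotateSession(): string
{
    $old = session_id();
    session_regenerate_id(true);
    $new = session_id();
    // Sanity check: a fresh id was issued and the old file is gone.
    assert($old !== $new);
    assert(!file_exists(ini_get('session.save_path') . '/sess_' . $old));
    return $new;
}

// Constructed usage after authentication:
$_SESSION['user'] = 'alice';
rotateSession();
```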