You can't properly have your own session handler without writing code to clean up after yourself.  The last two methods for our class will be the destroy and gc (garbage collection) methods.

When the session_destroy() function is called, it triggers a call to our destroy method.  Here's a look at the code:

      function destroy( $id ) {

         // Build query
         $newid = mysql_real_escape_string($id);
         $sql = "DELETE FROM `sessions` WHERE `session_id` =
'$newid'";

         db_query($sql);

         return TRUE;

      }

The above logic is fairly straightforward.  The destroy method is called, passing the unique session identifier.  We then make a call to delete the record.  Boom, session information no longer exists.

Periodically, PHP will trigger a garbage collection routine, meant to handle the conditions where people left before the system got a chance to clean up their sessions.  Here's the code:

      function gc() {

         // Garbage Collection

         // Build DELETE query.  Delete all records who have
passed the expiration time
         $sql = 'DELETE FROM `sessions` WHERE `expires` <
UNIX_TIMESTAMP();';

         db_query($sql);

         // Always return TRUE
         return true;

      }

In the above query, we delete all records that are expired, and SHOULD have been deleted by the destroy method, but the method was apparently never called.  This garbage collection could be considered "self-maintenance," and stops you from needing to write a cronjob to keep your sessions table clean.