Are PHP sessions trustworthy?

Published 2 months ago by thebigk

This question isn't in the Laravel context, but a general PHP development question. I currently run a web-app that makes use of PHP sessions to store temporary data. The web app runs on HHVM. The web-app frequently sees traffic spikes with about 200-300 concurrent users.

The app works fine for almost 90% of the simultaneous users but the rest face weird issues like losing session data or not getting the required data set into session, resulting in errors. I've not been able to point out what exactly goes wrong because I only see this issue when there are a lot of simultaneous users.

My best guess is that because sessions are stored in a temporary file, there could be an issue when, say, 20 users are trying to write to sessions at a time. Or maybe just the sessions, in general, aren't trustworthy.

The obvious solution could be to use memory cache OR some other caching mechanism to store data; but that doesn't seem to be an option with HHVM.

What's your take on PHP sessions? What could be the possible solution to the issue I'm facing?

kfirba
2 months ago (210,165 XP)

Just as you suggest, I think the issue is with your session driver. File session storage is limited to the disk I/O capability and it's prone to race conditions.

Have you tried using something like Redis for the session storage? I would give it a try and see if it solves the problem.
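
The race condition kfirba mentions, modelled as an added example (not code from the thread, and not PHP's or HHVM's actual session handler): several concurrent requests do a read-modify-write on one file-backed session, first with no lock and then under an exclusive `flock`. The file layout, function names and JSON format are assumptions made for the illustration.

```python
import fcntl, json, os, tempfile, threading

def _load(path):
    with open(path) as f:
        return json.load(f)

def _save(path, data, tag):
    # Write to a per-request temp file, then atomically replace the session
    # file, so a reader never sees a half-written session.
    tmp = f"{path}.{tag}.tmp"
    with open(tmp, "w") as f:
        json.dump(data, f)
    os.replace(tmp, path)

def run_requests(n, locked):
    """Simulate n concurrent requests that each add one key to one session."""
    path = os.path.join(tempfile.mkdtemp(), "sess_constructed")  # constructed name
    _save(path, {}, "init")
    barrier = threading.Barrier(n)  # forces the worst-case interleaving

    def unlocked_request(i):
        data = _load(path)           # every request reads the same snapshot
        barrier.wait()               # ...before any of them writes
        data[f"key{i}"] = i
        _save(path, data, i)         # last writer wins, other keys are lost

    def locked_request(i):
        with open(path + ".lock", "w") as lock:
            fcntl.flock(lock, fcntl.LOCK_EX)  # released when the file closes
            data = _load(path)                # read happens inside the lock
            data[f"key{i}"] = i
            _save(path, data, i)

    target = locked_request if locked else unlocked_request
    threads = [threading.Thread(target=target, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return _load(path)

if __name__ == "__main__":
    print("no lock:  ", run_requests(8, locked=False))
    print("with lock:", run_requests(8, locked=True))
```

The lock only helps because the read is inside it; locking the write alone would still lose updates.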

thebigk

@kfirba - The server uses SSD and I thought writing to files won't be an issue. Redis is an option I could look at. But it looks scary :-/

kfirba
2 months ago (210,165 XP)

@thebigk SSD is indeed faster than HDD but I'm pretty sure that session creation and reads aren't sequential, so it also takes MUCH longer to read and write to the session compared to a memory (RAM) based solution such as Redis.

Why do you think Redis is scary :/? Redis is awesome :)

Maybe familiarize yourself with Redis through Jeffrey's awesome Redis series: https://laracasts.com/series/learn-laravel-and-redis-through-examples

thebigk

@kfirba - That's because I've never used Redis and will have to spend time learning it. Yes, Jeffrey's lessons will definitely help.

That said, I'm looking for more confirmations about overall reliability of sessions.

jlrdw
2 months ago (199,830 XP)

When Laravel is properly installed, meaning main files are above htdocs (www on some, public_html on some), yes.

However an incorrect install, no. Many here have had install questions where we could read their .env data.

thebigk

@jlrdw - As I mentioned in my first post, the question isn't with reference to Laravel; but a general PHP usage related. The concerned app runs on WordPress and I'm planning to port it to Laravel once I'm comfortable with the framework.

I'm seeking opinions on general usage of PHP sessions. Can I be 99.99% certain that sessions will maintain the data irrespective of the count of users writing stuff to sessions?

jlrdw
2 months ago (199,830 XP)

Has more to do with load balancing. I'd get with the tech folks at the host you are going to use. I am a database person, not server, but short story:

I came from enterprise Java to PHP (semi retired) and maintain a couple smaller sites, one I did using Laravel 5.1.

So at the trucking company I worked at as the database manager, I used JSP, servlets and JavaBeans.

The company had a hosting company set everything up at their end, all I did was deploy .war file. A little more involved, but the point is we relied on the experts to handle the server end.

I did develop locally and had a local Tomcat installation. Tomcat even in dev was a pain to set up, something I did not enjoy.

So as an example, if you are going to use digital ocean (or similar) talk to them folks, they probably know servers and load balancing pretty well.

The server uses SSD and I thought writing to files won't be an issue.

Think about it, prior to these modern high speed high memory computers, Fedex still managed handling millions of records and thousands of customers.

How did they do that?
