Which Session Driver do you recommend?

Published 2 weeks ago by Andreas94

Hello everyone, at the moment I use the Session Drive "file", but unfortunately the folder / storage/framework/sessions now weighs more than 10MB and has in many files...

What do you recommend? which one do you use? Is it safe to use cookies?

shez1983

you will get the same thing regardless of the driver.. be it redis/memcache/file/database.. it will store same data you r storing now -

if you are looking to reduce the size then you need different strategies..

gator
gator
2 weeks ago (64,260 XP)

For most cases, the default (FileSessionHandler) should work just fine.

Unless yours is a high traffic site, I do not see why it should be 10MB.

If you look at the source code: https://github.com/illuminate/session/blob/master/FileSessionHandler.php#L101

The gc() routine takes care of deleting files that are older than "lifetime" specified in your config/session. I'm guessing this is not running properly.. A permissions issue perhaps? More investigation is required. Set the 'expire_on_close' option to true (in config/session) to see if it alleviates the problem.

Andreas94

It is a site with about 4700 unique visits a day @gator, if I set "lifetime" in config/session.php, with an expiration of about 43200 minutes = 30 days, the storage/framework /session directory is emptied every month, but then all users every thirty days have to re-login.

Realize that I have converted my portal in Laravel for about 6 days ... In a week that folder weighed 10MB and inside there were more than 150k files... If I had to put it every 30 days the folder would explode...

But what are these files for? everything that users do on the site or just logins?

@shez1983 And selecting cookies, how do you save the same data I'm saving now with files?

shez1983

cookies is in users browser... its not a secure way of saving data.. and user might delete cookies..

Snapey
Snapey
2 weeks ago (779,535 XP)

why so many session files? 4700 multiplied by 6 days is not 150k files.

Something else may be wrong

Andreas94

@Snapey What are the file sessions to contain? only when a user logins in?

Because to me is also saved every page that the user visits, example:

a:3:{s:6:"_token";s:40:"2J2Y6YfFMO8ZuqWV64bnuw36L8Uymq4h78aBMn75";s:9:"_previous";a:1:{s:3:"url";s:28:"/rss.php";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
a:3:{s:6:"_token";s:40:"2mUfgeulnmhGN0eS1jAXxEYEZdV3aiLnnMRAARbl";s:9:"_previous";a:1:{s:3:"url";s:61:"giochi/the-witness-pc/gallery";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

Why this thing? I just reactivated the Sessions with files and I already have 143 files...

@Shez1983 If the user deletes cookies it is because he wants to remove access ... But how come you say that they are few sure?

Andreas94

In 5 hours, 3912 files... Is this normal?

Snapey
Snapey
2 weeks ago (779,535 XP)

If you had 3912 uniques in that time?

In config/session.php, have you set anything here;

    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => env('SESSION_DOMAIN', null),

or in the SESSION_DOMAIN parameter in .env ?

Andreas94

No, In domain I have:

'domain' => env('SESSION_DOMAIN', null),

and in the env it is not reported, so it is null...

Now i have 9998 file for 2348450 bytes = 2,34 megabytes

Snapey
Snapey
1 week ago (779,535 XP)

The size of the session file depends what you are stashing in it

Andreas94

I'm not hiding anything... I simply do not understand why it saves every single session and page visited, these are some contents of the files:

a:3:{s:6:"_token";s:40:"l5bbPnKcUdloPAwKSyO0qMkgpdZK83KIGBFo8t8f";s:9:"_previous";a:1:{s:3:"url";s:63:"/trofei/viva-ferrari";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
a:3:{s:6:"_token";s:40:"Rp4wEKoHQiOh4E1chSWMxmufbVgJRQjRtxnoDbOS";s:9:"_previous";a:1:{s:3:"url";s:147:"nuovo-trailer-di-sid-meiers-civilization-vi-rise-and-fall";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

Honestly, I do not even understand what it means:

s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}

This is my Session.php file:

return [
    'driver' => env('SESSION_DRIVER', 'file'),
    'lifetime' => 525600, // 1 year
    'expire_on_close' => false,
    'encrypt' => false,
    'files' => storage_path('framework/sessions'),
    'connection' => null,
    'table' => 'sessions',
    'store' => null,
    'lottery' => [2, 100],
    'cookie' => 'ge_user_session',
    'path' => '/',
    'domain' => env('SESSION_DOMAIN', null),
    'secure' => env('SESSION_SECURE_COOKIE', false),
    'http_only' => true,
];

Edit: I just found this old thread "https://laracasts.com/discuss/channels/laravel/thousands-of-files-in-session-folder" I try to see if I solve it too ...

Snapey
Snapey
1 week ago (779,535 XP)

The file is a serialised session object. There is nothing unusual in there.

And just to reiterate, each visitor will create a session file, and as you have set the lifetime to a year, these will stay around for a very long time. (normal duration is 2 hours, with two old sessions being deleted every 100 requests)

Andreas94

I bring this discussion back to life a few weeks ago. I set 120 as suggested by @Snapey, unfortunately, however, users find themselves having to log in to the site several times a day... how can I avoid this?

Andreas94

No idea?

Snapey
Snapey
4 days ago (779,535 XP)

you can avoid them logging in again with a rememberMe cookie like you get with the standard Auth

Please sign in or create an account to participate in this conversation.