Database vs Session - opinions please?

[chigley]

Hey guys,

 

Just wanting to evaluate people's ideas on whether or not a database-based session would be better than PHP's session functions. What're your opinions? All database? All PHP sessions? A compromise?

 

Charlie

[Daniel0]

FYI, PHP can store its sessions in a database, it just doesn't do it by default.

 

http://php.net/manual/en/function.session-set-save-handler.php

[PFMaBiSmAd]

The argument that is usually used as a reason to not use the standard file handler is because on a shared server all the session data files of the accounts are stored in one place (a security issue) and the shortest garbage collection maxlife time of any script will delete your session data files.

 

Both of these problems can be solved by setting the session save path to be a "private" folder within your account space. A private folder is either one outside of your web document root folder or if that is not an option, a folder within your document root but is protected from any browser/http access using a .htaccess file.

 

Also, by setting your own session save handler for a database, that uses parsed/tokenized/interpreted php code, instead of using php's built-in file handler, that uses complied C code, your session operations will take about 20 times the amount of time that the file handler takes (plus the additional time for the database queries over just the file system operations). This is important when you are getting 100's and 1000's of hits per second on a site.