falltime Posted July 1, 2008 Share Posted July 1, 2008 For several of my clients, I've always just reused a great session class that I wrote awhile ago and it has always served me well. It implemented standard PHP session management and set basic cookies for long-term persistent access. I've moved on to a much larger web app project that must be scalable, particularly in terms of performance. I been doing a bit of reading on the common problems with PHP sessions when scaling up to large server-farms. Additional expensive software is required to centralize persistent session data, and it adds quite a bit of performance overhead. So I've considered rewriting my session class to drop PHP sessions all together and just work with cookies. It sounds like this is really that real common alternative although I'm a bit wary of the obvious potential security issues (cookie theft, etc). I know you can set a cookie experation to 0 so that it expires as soon as the browser as closed, but from my experience, it doesn't quite work in the same way as a session - every browser window must be closed (at least in FF) for the cookie to fully expire as opposed to just the specific website browser window (in the case of sessions). Quote Link to comment Share on other sites More sharing options...
corbin Posted July 4, 2008 Share Posted July 4, 2008 Oh God.... I don't think you understand exactly how sessions work if you're thinking of storing session data in a cookie. Here's how it generally works: Server has a certain datasource (for my example, it will be a file), from which it pulls data. It knows which datasource to choose based on a key from the client. (The session ID, which is generally stored in a cookie.) So, sessions = server side, cookies = client side. It would be like... Ohhh good analogy.... Let's say I'm a banker, and I have 2 clients. Client 1 would come to me and say, "Hi, I'm Client 1," and I would look in my little banker-analogy book and know he has $x. Client 2 would come and say, "Hi, I'm Client 2," and I would look in my little book and see that he has $y. Now, if I'm storing the session data client side, suddenly Client 1 is coming to me and saying, "Hi, I'm Client 1, and I have $x." x could be any value he chooses, since cookies can be modified by clients. As for multiple servers accessing the same sessions... There are multiple ways to do it. One of the most common ways is to store the sessions in a globally accessible database. For example, let's say you have 2 content presentation servers and they access 1 database server. You could store the sessions on the 1 database server, and both content presentation servers could access it. Or, you could simply network the drive where the sessions are stored and set PHP to use that location. (I would not personally go with this one as much can go wrong.) Anyway, maybe you were asking something else, and my answer was just entirely random. Quote Link to comment Share on other sites More sharing options...
keeB Posted July 4, 2008 Share Posted July 4, 2008 Corbin! Great advice. Use a database. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.