Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there limits for session variables?

As the title says, are there limits (if any) for session variables or they're considered as usual variables and can store equal amount of data?

I'm looking if there are any other limits aside from variable type ones like max length, max values and so on.

P.S. If the question is unclear, please let me know.

Thanks in advance!

like image 775
tomsseisums Avatar asked Nov 25 '10 08:11

tomsseisums


People also ask

How much data can be stored in a session?

Session storage can also accommodate a huge amount of data. Most browsers, including Chrome and Firefox, can store about 10 MBs of data in session storage.

How long does a session variable last?

By default, session variables last until the user closes the browser. So; Session variables hold information about one single user, and are available to all pages in one application. Tip: If you need a permanent storage, you may want to store the data in a database.

How Safe Are session variables?

Sessions are significantly safer than, say, cookies. But it is still possible to steal a session and thus the hacker will have total access to whatever is in that session. Some ways to avoid this are IP Checking (which works pretty well, but is very low fi and thus not reliable on its own), and using a nonce.

Can session variables be modified?

Session variables on the client are read-only. They cannot be modified. In order to change the value of a session variable, an Ajax Callback is required. Similarly, if a session variable changes on the server, it will not be updated on the client until an Ajax Callback is made from the client.


2 Answers

As @Thariama said, there's no limit on the number of variables; also, there's no limit on the amount of data you can store in a session (I've seen sessions tens of MB in size).

As the size of a session gets larger, you'll run into various quirks though: PHP 5 deserializes the whole session into memory at session_start() (using the default session handler - you can make you own solution, of course); with a 20 MB session and 50 concurrent users, your scripts start to be severely limited by disk access speeds (a.k.a. "script startup is slow as molasses" - the sessions alone would be hogging a GB of RAM); in the end, we dedicated a box to keep as many sessions as possible in its RAM, and the frontend boxes accessed them over NFS (although it helped in our case, this may be overkill for you).

Note that for many concurrent users and session storage on disk, the number of session temporary files may cause problems with filesystem limits (e.g. how many files can be in one directory before you run into problems with stat() performance), or other limits (we once found the hard way that a box was configured to only allow 4096 open files at the same time). None of this is really session-specific, but can be triggered by session handling.

like image 195
Piskvor left the building Avatar answered Oct 06 '22 08:10

Piskvor left the building


No, there is no limit on much space a session may have (or how many variables a session may possess). The only limit is the specs on your computer, this is defined by your available memory_limit in your php.ini . Be aware that this space will be shared among all sessions for all users.

like image 22
Thariama Avatar answered Oct 06 '22 06:10

Thariama