Menu
Im building a laravel site and i have just found out that laravel sessions aren't shared with native php sessions.
At the moment i don't see any performance difference, but this site will get heavy traffic when complete. Is it best to stick with as much native PHP stuff where possible or is the laravel implementation for sessions more efficient than php?
313
Laravel ships with a variety of session back-ends available for use through a clean, unified API. Support for popular back-ends such as Memcached, Redis, and databases is included out of the box. The session configuration is stored in config/session. php .
Of course each user session is unique to that logged in user.
Is the session of Laravel secure? With Laravel, you can encrypt data with AES-256 and AES-128 using the OpenSSL library. Laravel uses a Message Authentication Code (MAC) to ensure that encrypted values cannot be modified by unauthorized and unwanted parties.
You need to understand what happened: You've set the lifetime of the sessions to 120 minutes, which means after 120 minutes the session is flushed. The remember_me feature is using cookies. If there is no user session Laravel checks the cookies and recreates the session if the session cookie is still valid.
If you're using Laravel 4.0, it uses the native PHP session as its session driver by default, so the difference is negligible.
From Laravel 4.1 onwards, the new default session driver is called file, which stores session data in files on disk, and according to their 4.1 release notes, their sessions are now "leaner and faster":
Improved Session Engine
With this release, we're also introducing an entirely new session engine. Similar to the routing improvements, the new session layer is leaner and faster. We are no longer using Symfony's (and therefore PHP's) session handling facilities, and are using a custom solution that is simpler and easier to maintain.
Alternatively, you can use Redis or memcached to handle sessions - Laravel has drivers for both out of the box (note: for anything new, you should use Redis rather than memcached). You can consider this option if you have large session data (complex objects/data rather than a few strings or integers being stored) and/or a huge number of concurrent users (10,000+).
These drivers will store session data primarily in memory rather than on disk, so will be faster and more efficient, although the performance gain will more often than not be negligible unless you had a session-related performance bottleneck in the first place. If you do have such large session data that it's causing performance issues, then it may be pertinent to consider addressing this before looking to reconfigure your session engine.
94
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
