Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Large PHP session slowing down web application

Tags:

php

mysql

session

I have a web application where complex permissions determine whether or not a user has access to each of thousands of different files. A user can see all files, but there is an indicator to open files that they have access to. A user has access to a file if someone else in their organization has access to it, or if someone that they are in a collaboration with has shared access to that file.

Right now, I have a complex PHP function that generates a large PHP session by building arrays of the files a user has access to, either in their organization or their collaborations, and merging these access arrays. When these files are displayed to the user, PHP checks this array to see if they have access, and if they do, it adds the button to open the file. I am doing it this way because running the query to check for access for each individual file ended up taking way too long when displaying long file lists, and PHP's in_array() was substantially faster.

The problem is...

The php session has gotten so large that it seems to be slowing down simple website functions to a crawl, and I need to think of a new way to do this.

My question is...

What would be the best way to replace PHP sessions for storing file permissions and file locations for thousands of files a user has access to, so that when lists of files are being displayed, PHP can rapidly retrieve this information, without needing to run a query for each individual file?

like image 454
skiindude22 Avatar asked Sep 24 '11 20:09

skiindude22


1 Answers

Hm, without knowing the full scope of the problem, I'd suggest adding a Sessions table in your database and include a FilePermissions field and a UserId field.

This field would store a json representation of your permissions structure. This would only require one call to the database and the majority of the processing would take place while parsing the json data server-side (which shouldn't be much overhead at all).

This is a standard way to reduce the size of client-side session information. A good rule of thumb is putting anything in the Sessions table that exposes the logic of your application.

Update

I would only store the files that they do have access to in the json field. Non-existence can be assumed as prohibiting them from accessing the files. This would again reduce the performance footprint.

This would only work if there isn't a complex permissions structure (like each file has permissions for read and write). If it doesn't, I'd say you're in the clear.

like image 159
Chuck Callebs Avatar answered Sep 21 '22 05:09

Chuck Callebs