PHP Session string limit

Question

Is there a length limit to a string that can be placed into $_SESSION with PHP?

Thanks

Answer 1

The size of string is limited by the amount of memory available on the server. Whether that string can be successfully stored in a session would depend on the session storage mechanism in use.

If you're using the out-of-the-box file based session storage, then the it's likely you can write a file which is larger than the amount of available memory. If however you were using, say, memcache, then you might be more limited.

However, practically speaking, if you're storing so much in a session you have ask this question, you're probably abusing sessions!

Sessions should contain only that which you really want to have readily available for virtually every PHP request your application handles - typical examples would be a user name, user id or privilege level. When your app needs something bigger occasionally, it can go and grab it from another storage system.

Answer 2

It depends on the session_save_handler used. For the default one, there is in theory no limit (or a very, very high one, dictated by the file system), because session data is saved in files.

Seeing as session data is imported on every request, however, there is an effective limit imposed by the maximum amount of memory the script is allowed to occupy. It is wise not to store more than a few kilobytes in there.

If you need to save large chunks of data, store it in temporary files (named after the current session) instead.