Menu
I've only seen examples of session variables being used to store small amounts of data, like a single user id. I'm wondering if it would be more efficient to instead hold more frequently accessed data in the session variables to avoid querying the database.
For instance, I made a user class that gathers regularly requested data for that user upon construction (their user id, username, email, password and arrays of site specific data) and I hold this instance as a session variable. After the user's initial log in, the database rarely has to be queried to get information about the user because it's already in memory.
Am I actually being more efficient at all, or am I just bogging down the system with memory usage?
Side note - I actually find it easier to grab data from the session instead of having to worry about optimising my queries and stuff, so I really hope I'm not being an idiot.
320
No, there is no limit on much space a session may have (or how many variables a session may possess).
Its syntax is quite straightforward. Beginners can easily learn and implement this storage. Session storage can also accommodate a huge amount of data. Most browsers, including Chrome and Firefox, can store about 10 MBs of data in session storage.
It's by default 64M or 128M ,depends on your service providers. It should not happen that your session data comes or exceeds nearby to this php memory limit. There is no limit in php but many concurrent users and session storage on disk, the number of session temporary files may cause problems with filesystem limits.
Sessions are significantly safer than, say, cookies. But it is still possible to steal a session and thus the hacker will have total access to whatever is in that session. Some ways to avoid this are IP Checking (which works pretty well, but is very low fi and thus not reliable on its own), and using a nonce.
It all depends on server resources, and on simultaneous users of your website / app.
You can do a rough calculation, by estimating the average session memory each user will need, multiplying it by the average number of simultaneous visitors, and comparing this to the memory you have available for PHP in the server.
This calculation will help you estimate how much is too much in your scenario, in a very rough, but helpful way.
EDIT: by memory I mean RAM and/or disk space, depending on your setup.
32
Firstly, PHP sessions aren't stored in memory by default, they are stored on disk, so every block/session you write to is going to occupy disk space and not memory (until you use PHP to read the session data).
Yes, you're potentially being more efficient, but not if you want to scale and here's why:
It's perfectly acceptable to store some data in sessions. Theoretically, there is no limit (although I've never tried to break it or even push it, just move to a more efficient solution). You will however, be limited by disk space and PHP memory_limit().
Often, data stored in sessions includes things like:
However, there is a tradeoff. If your traffic (and usage) increases and you're storing a lot of data in $_SESSION, you will very likely start to see problems, both in terms of disk and memory usage.
I don't think there is any issue with what you're suggesting, but beyond the items you've listed and where the examples above overlap, care is required.
If you want to scale (horizontally) and retain disk-based sessions then you have options (sticky sessions or storage area network are a couple) as the disk on one server doesn't store the same sessions as a disk on another server.
You can find the location where PHP stores session data by calling: session_save_path()
or on the CLI:
php -r 'echo session_save_path(), "\n";' You've not mentioned your OS, but common locations for the session files (across different OS types) are:
/tmp /var/lib/php5/ /var/lib/php/session c:/wamp/tmp Sessions stored on disk usually have filenames that look like this using ls -al:
-rw------- 1 www www 0 2013-07-09 20:12 sess_bdsdjedmvtas5njhr5530b8rq6 It's worth noting that there are often garbage-collection processes that clean out dead sessions after specific periods. It does vary by OS, but they are usually present with various LAMP-based installs.
In your database
Session data is often stored in a DB instead of on local disk and this works well for both micro, small and (depending on how it's done) medium sites with a reasonable level of traffic.
Like any other solution it has it's pro's and con's (like being able to ban/kick out a user by running a query rather than deleting a session file from /tmp)
In memory
for larger, (higher traffic) sites and particularly where the volume of concurrent users is high, memory is quicker to read/write to for very frequently accessed variables or data instead of adding undue load to your DB. It can and should still be written to the DB (See write-through caching), but also be held in memory for efficient access.
One technique of particular merit is memory caching. A widely used example PHP-compatible open-source solution is Memcached, which can be used on one server or many [distributed]. I've seen this used by small firms as well as large and you only have to look at who uses it/contributes...
52
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
