Menu
I'm trying to do some research to find the best option for sessions management in a multi-server environment and was wondering what people have found successful and why. Pros and cons.
RDBMS - Slower. Better used for other data.
Memcached - You can't take down a memcached server without losing sessions
Redis - Fixes the problem of memcached, but what about ease of scalability? Fault tolerance?
Cassandra - Has good fault tolerance. Pros and cons?
MongoDB, Others?
Thanks!
349
Session Management Best practices according to OWASPEnsure that session inactivity timeout is as short as possible, it is recommended that the timeout of the session activity should be less than several hours. Generate a new session identifier when a user re-authenticates or opens a new browser session.
For eg. When a User logs into your website, not matter on which web page he visits after logging in, his credentials will be with the server, until he logs out. So this is managed by creating a session. Session Management is a mechanism used by the Web container to store session information for a particular user.
Sticky sessions(AWS) cab be used as a tool for persistent session management.
Personally, I use Cassandra to persist php session data. It stores it in a single column on a single row with session_id:{session_data_as_json} and I set the TTL on the column so that it does garbage cleanup automatically. Works a treat.
I went with cassandra as it has all other user data already ... For caching, I enabled APC on all front end webservers and haven't had any issues ...
Is this the best approach? Not sure. it was fit for purpose for the environment, technologies and business rules I needed to fulfill. ...
Side note, I did start working on a native php -> cassandra session handler: https://github.com/sdolgy/php-cassandra-sessions -- this shows how the TTL's are set with PHPCassa and Cassandra
76
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
