Let's look at ways how to make PHP applications remember what your user did on the last web page.
The first half will be about the classic PHP sessions, what the SessionHandlerInterface is about and why all of it's methods are important for a successful alternative implementation.
The second half will explore alternatives to the problems created using PHP sessions, including alternatives to sessions: Splitting the problem on the server or moving the data to the client.
2. Why?
● Sessions tend to get in the way of modern
applications and infrastructure
● People seem to ignore the fine print when
rolling their own session handler
● Also: It's an old topic that everyone got in touch
with, but hasn't fully understood in all depth
● Are there alternatives to sessions?
16. Undocumented memcache.lock_timeout = 15
Released 2009-02-22
Last version 3.0.8 from 2013-04-07
Conclusion: Don't use Memcache extension
Memcache config docs
18. There are plenty of possible values for
session.save_handler
Always available: files
Coming with extensions:
memcache
memcached
sqlite
redis
cluster (Zend Session Cluster)
...
20. Network locking may add additional delays
The problem with lock timeouts
(illustrated with Zend Session Cluster)
2sec1sec 4sec?
500msec 1500msec? 2500msec?
37. PHP Sessions
● session_start automatically writes a cookie
● calling it multiple times will create conflicts
● wrapping it into OOP seems complicated
● What about this?
http://paul-m-jones.com/archives/6310
43. Split the problem
Restful web APIs should manage
resources independent from others
POST /api/basket
→ creates /api/basket/randomid
POST /api/customer
→ creates /api/customer/randomid
No blocking, can be done concurrently.
45. Move the problem elsewhere
CouchDB has a strategy for concurrent changes:
1) Reject writes with outdated datasets
2) Accept both changes and let the application
or the user sort it out.
https://wiki.apache.org/couchdb/Replication_and_conflicts
51. Using alternative storage strategies
Splitting data units will reduce the problem
Merging data on conflicts...
...is left as an exercise to the developer
52. Thank you!
Any questions?
Find me on twitter: @SvenRtbg
Find me on StackOverflow: SvenRtbg
Find me on GitHub: SvenRtbg
Find me on Slideshare: SvenRtbg
This presentation on Slideshare
http://de.slideshare.net/svenrtbg/php-sessions-and-nonsessions