Php – Diabling Symfony2 sessions files

PHPsessionsymfony

I'm looking for a way to disable the file saving of PHP sessions. (I do not need sessions in my application)

I tried to set save_path = NULL, but it only set it to the default path (/tmp).

Is there a way to do that ? Or maybe I shouldn't do it at all for reasons I ignore ?

Best Answer

PHP should only be creating session files is session_start() is called in your application (meaning it needs them) or PHP is configured to always start sessions.

Make sure session.auto_start = 0 is set in your php.ini so that the sessions are not started automatically

Once that's set if you aren't creating sessions then your save path shouldn't matter at all.

Related Solutions

Memcached – Efficient Session Sharing with Pool of Memcache Daemons

Disclaimer: You'd be mad to listen to me without doing a tonne of testing AND getting a 2nd opinion from someone qualified - I'm new to this game.

The efficiency improvement idea proposed in this question won't work. The main mistake that I made was to think that the order that the memcached stores are defined in the pool dictates some kind of priority. This is not the case. When you define a pool of memached daemons (e.g. using session.save_path="tcp://192.168.0.1:11211, tcp://192.168.0.2:11211") you can't know which store will be used. Data is distributed evenly, meaning that a item might be stored in the first, or it could be the last (or it could be both if the memcache client is configured to replicate - note it is the client that handles replication, the memcached server does not do it itself). Either way will mean that using localhost as the first in the pool won't improve performance - there is a 50% chance of hitting either store.

Having done a little bit of testing and research I have concluded that you CAN share sessions across servers using memcache BUT you probably don't want to - it doesn't seem to be popular because it doesn't scale as well as using a shared database at it is not as robust. I'd appreciate feedback on this so I can learn more...

Ignore the following unless you have a PHP app:

Tip 1: If you want to share sessions across 2 servers using memcache:

Ensure you answered Yes to "Enable memcache session handler support?" when you installed the PHP memcache client and add the following in your /etc/php.d/memcache.ini file:

session.save_handler = memcache

On webserver 1 (IP: 192.168.0.1):

session.save_path="tcp://192.168.0.1:11211"

On webserver 2 (IP: 192.168.0.2):

session.save_path="tcp://192.168.0.1:11211"

Tip 2: If you want to share sessions across 2 servers using memcache AND have failover support:

Add the following to your /etc/php.d/memcache.ini file:

memcache.hash_strategy = consistent
memcache.allow_failover = 1

On webserver 1 (IP: 192.168.0.1):

session.save_path="tcp://192.168.0.1:11211, tcp://192.168.0.2:11211"

On webserver 2 (IP: 192.168.0.2):

session.save_path="tcp://192.168.0.1:11211, tcp://192.168.0.2:11211"

Notes:

This highlights another mistake I made in the original question - I wasn't using an identical session.save_path on all servers.
In this case "failover" means that should one memcache daemon fail, the PHP memcache client will start using the other one. i.e. anyone who had their session in the store that failed will be logged out. It is not transparent failover.

Tip 3: If you want to share sessions using memcache AND have transparent failover support:

Same as tip 2 except you need to add the following to your /etc/php.d/memcache.ini file:

memcache.session_redundancy=2

Notes:

This makes the PHP memcache client write the sessions to 2 servers. You get redundancy (like RAID-1) so that writes are sent to n mirrors, and failed get's are retried on the mirrors. This will mean that users do not loose their session in the case of one memcache daemon failure.
Mirrored writes are done in parallel (using non-blocking-IO) so speed performance shouldn't go down much as the number of mirrors increases. However, network traffic will increase if your memcache mirrors are distributed on different machines. For example, there is no longer a 50% chance of using localhost and avoiding network access.
- Apparently, the delay in write replication can cause old data to be retrieved instead of a cache miss. The question is whether this matters to your application? How often do you write session data?
memcache.session_redundancy is for session redundancy but there is also a memcache.redundancy ini option that can be used by your PHP application code if you want it to have a different level of redundancy.
You need a recent version (still in beta at this time) of the PHP memcache client - Version 3.0.3 from pecl worked for me.

Php – Delete specific PHP sessions

The big question is whether you want to be able to delete sessions for nominated users - the concept of a user id is implemented via your application code or by the framework you are using - so PHP doesn't know how to differentiate between specific users. It's quite possible to have a session without having an identifiable user; session management, authentication and authorization are all seperate concerns and the functionality provided as standard within php only addresses the former.

Having said that PHP makes it very easy to implement your own session storage, so it should be trivial to write your own functions which maintain a mapping between the user id and the session id (this doesn't have to be done in the session handler - but it is the right place to do it).

If you just want to kill off all the sessions, and your using the default handler, then just delete the files in the directory specified by session.save_path in your php.ini file.