I’ve recently exchanged e-mails with a colleague regarding the storage of PHP session data in a MySQL database. To help anyone else interested in using database storage of PHP session information, I have paraphrased / rewritten the content of some of those e-mails below.
One of the best ways to implement database storage of PHP session data is to override PHP’s session handlers. PHP has built-in functions that allow you to replace the default file-based session handlers with your own.
These functions all use PHP’s normal ways of handling session persistence between the client and the server (by default, via the use of a session ID cookie).
In other words, it utilises the same PHPSESSID cookie that the default file-based session storage uses. When using functions that override the session handlers, the first parameter for several of these functions is the session ID. Once the handlers are overridden, PHP will automatically pass the session ID (pulled from the PHPSESSID cookie) to these functions.
The code linked to below can be ‘required’ (require “session_start.php”) as a drop-in replacement for the default PHP session_start() function. It uses database access to store and retrieve session information. Note that due to the very early point at which PHP processes session handler overrides, objects are not available for use, hence the use of old-style ‘mysql’ instead of OO-based ‘mysqli’ (if you find a way around this, I’d be very interested in hearing about it).
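As an added illustration (this is not the code the post links to), here is one way to write such a handler for PHP 8, which accepts an object implementing SessionHandlerInterface. Because the session ID arrives from the client's PHPSESSID cookie, every query binds it as a parameter rather than concatenating it into SQL. The `sessions` table, its columns, the class name and the `SESSION_*` environment variables are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example: database-backed session handler. Table and column names are assumptions.
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // $id is client-supplied (PHPSESSID cookie): bind it, never concatenate it.
        $q = $this->db->prepare('SELECT data FROM sessions WHERE id = ?');
        $q->execute([$id]);
        $data = $q->fetchColumn();
        return $data === false ? '' : (string) $data; // unknown ID reads as an empty session
    }

    public function write(string $id, string $data): bool
    {
        // REPLACE INTO acts as an upsert on the primary key (MySQL and SQLite both accept it).
        $q = $this->db->prepare('REPLACE INTO sessions (id, data, last_access) VALUES (?, ?, ?)');
        return $q->execute([$id, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // Remove rows that have not been written for longer than the session lifetime.
        $q = $this->db->prepare('DELETE FROM sessions WHERE last_access < ?');
        return $q->execute([time() - $max_lifetime]) ? $q->rowCount() : false;
    }
}

// SESSION_DSN / SESSION_DB_USER / SESSION_DB_PASS are assumed names; set a mysql: DSN for MySQL.
// The in-memory SQLite fallback only exists so the example runs stand-alone.
$db = new PDO(getenv('SESSION_DSN') ?: 'sqlite::memory:', getenv('SESSION_DB_USER') ?: null, getenv('SESSION_DB_PASS') ?: null);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS sessions (id VARCHAR(128) PRIMARY KEY, data BLOB NOT NULL, last_access INTEGER NOT NULL)');

// The second argument registers session_write_close() as a shutdown function,
// so write() runs while the handler object and its PDO connection still exist.
session_set_save_handler(new DbSessionHandler($db), true);
session_start();
```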
In terms of performance, there is limited degradation to using database stored sessions with most small to mid range sites, based on my experience and observation. However, larger sites may possibly notice degradation. In such circumstances, this would likely be related to the MySQL database server load and/or high levels of IO on the MySQL server. Issues of database server load can be mitigated via one or more of the following:
- Separation of the site database and the session storage database (separating each to their own server if necessary)
- File based caching of session information on the web server system (using standard PHP file reading/writing functions, ensuring that the file cache is updated whenever there are changes to the session information in the database store)
- In memory caching (similar to file based caching, but utilising a key to value storage engine which runs in RAM, providing very fast (atomic) access to data) – using a system such as memcached - http://memcached.org/
For reasonably sized websites where portability is important, where the need to load balance is highly probable in the future, and where development time permits, I’d personally recommend database storage for session information, due to the higher level of flexibility this set-up offers.
I hope this information helps anyone looking to make a PHP powered site just that little bit more portable by placing their users’ session data in a database.