未加星标

PHP Session Handling on Heroku

字体大小 | |
[开发(php) 所属分类 开发(php) | 发布者 店小二04 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

http://bit.ly/2ikBfz6

Most web applications use sessions of some kind for things like login systems, authentication, flash messages, etc. But using them on cloud services like Heroku can sometimes be a hastle. This post will hopefully outline some of the different methods you can use to get a fast, adaptable and easy session handler withphp.

Option 1) Single Dyno, Default Session (File)

By simply running session_start(); with PHP, by default a file based session will start. This is great because it’s easy to setup. The performance of this is considered slower than technologies like Memcache and Redis (which store data in RAM not onto disk), however it is often faster than using a remote session service because of network overhead (from my limited experience(.

They do however have a disadvantage in that because they store the session to file, when deployed to cloud based infrastructures like Heroku, the session won’t be shared across the dynos or instances meaning you’re session id will change as you load from different dynos. This makes developing things like login systems very difficult. It also has the disadvantage of being wipped clean on a new deployment (because the dyno is re-built).

So, what’s the alternative?

Option 2) Memcache/Memcachier

Memcached (the extension) and Memcachier (the provider/service) are a great alternatives to file based sessions. They are quick, robust and easy enough to setup. Heroku has a guide on how to set these up. The brief version of the guide being that you need the ext-memcached extension enabled within your composer file and some modifications are needed to the .user.ini file to change the session provider to memcache. You’ll still need to call session_start() but everything will be handled for you.

{
"require": {
"ext-memcached": "*"
}
} session.save_handler=memcached
session.save_path=${MEMCACHIER_SERVERS}
memcached.sess_binary=1
memcached.sess_sasl_username=${MEMCACHIER_USERNAME}
memcached.sess_sasl_password=${MEMCACHIER_PASSWORD} Option 3) Predis

In differentiation to memcache, Predis is a php based library which can be used to change sessions management to be stored within Redis. This means a php extension is not needed which can be a big advantage if the php extension’s support is lacking for the php version you are using, or the infrastructure you use does not support the extension. This is however often a slower method of session handling as the logic is run by the php interpreter and not compiled into a C extension.

Example Predis Session Handler :

// Instantiate a new client just like you would normally do. Using a prefix for
// keys will effectively prefix all session keys with the specified string.
$client = new Predis\Client($single_server, array('prefix' => 'sessions:'));
// Set `gc_maxlifetime` to specify a time-to-live of 5 seconds for session keys.
$handler = new Predis\Session\Handler($client, array('gc_maxlifetime' => 5));
// Register the session handler.
$handler->register();
// We just set a fixed session ID only for the sake of our example.
session_id('example_session_id');
session_start();
if (isset($_SESSION['foo'])) {
echo "Session has `foo` set to {$_SESSION['foo']}", PHP_EOL;
} else {
$_SESSION['foo'] = $value = mt_rand();
echo "Empty session, `foo` has been set with $value", PHP_EOL;
}

本文开发(php)相关术语:php代码审计工具 php开发工程师 移动开发者大会 移动互联网开发 web开发工程师 软件开发流程 软件开发工程师

主题: PHPRedisMemcachedEMC
分页:12
转载请注明
本文标题:PHP Session Handling on Heroku
本站链接:http://www.codesec.net/view/524030.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 开发(php) | 评论(0) | 阅读(87)