Karl_T

SessionHandlerDBRedis

Recommended Posts

Karl_T    35

Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. 

You may grab this from Github: SessionHandlerDBRedis

I hope this could give somebody a help.

 

Updated to v0.4

changelog: 

v0.3 - added ability to get forwarded IP instead of normal remote IP. 

v0.4 - added session lock

  • Like 6

Share this post


Link to post
Share on other sites
arjen    1,079

Thanks for posting Karl.

I think it would be best to fork the project and commit your changes. This way there will be only one Redis session handler database but with two developers. @netcarver is a really nice guy, so I think you guys can work this out :)

Share this post


Link to post
Share on other sites
Karl_T    35

@arjen Thanks for your suggestion. Hopefully my publish does not cause much issue here. Sorry if I have violated something. I wondered if it is appropriate to fork a project with 90% code changed or instead fork to SessionHandlerDB with more similarity. I will try to fork SessionHandlerRedis later. Hope that netcarver is still interested in this module. ^_^

  • Like 1

Share this post


Link to post
Share on other sites
arjen    1,079

No issues here :)

But since the amount of modules is (luckily) pretty small in ProcessWire I guess it would be wise to join forces instead of creating several modules with overlap. If 90% of the code is changed, I'm not really sure if a fork is appropriate, but it might be. I guess we have to wait until @netcarver joins the discussion.

  • Like 2

Share this post


Link to post
Share on other sites
Karl_T    35
8 hours ago, netcarver said:

My module was very experimental. Very happy for it to have a successor ^-^

Thanks netcarver, I will try to make a pr on it. ^_^

I do think using Redis as the session handler has many advantages such as reduce work load for mysql(if you are using it to store sessions) and performance boot(fastest way at the moment?). I experienced a faster page load after using it, no thorough experiment anyway lol. So, I am surprised that no much dev is interested in this(no reply in the SessionHandlerRedis post last two years!?). I wonder if I missed some drawbacks or this tech is already outdated.:undecided:

  • Like 1

Share this post


Link to post
Share on other sites
LostKobrakai    4,313

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

Share this post


Link to post
Share on other sites
Karl_T    35
7 minutes ago, LostKobrakai said:

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

Thanks for your points. It indeed makes less difference for low traffic site where shared hosting is the common choice. I always use cheap VPS plan in DigitalOcean or Linode to gain the largest control for less money so I forgot about shared hosting for long.:P.

  • Like 3

Share this post


Link to post
Share on other sites
seddass    20

@Karl_T It's great of what you have done. I can feel your excitement about using Redis. 

Haven't had the chance to dig deeper into your code but of what I saw, you are not using session lock. Forgive me if I am wrong.

I was using phpredis (the php extension) as a global session handler replacement in php.ini , but it lacks support for session lock. I was having trouble because of this and I wrote my own solution attached here. I just prepend it.

When using session with files - the files system have lock on write. When using SessionDB - the database has a row or table lock depending on the table engine. Memcache have lock implemented and it's suitable for replacement in php.ini. Of what I saw in the phpredis code, there is no lock and have to be implemented externally. 

  • My issue because of this here.
  • This guy here explained more about the session lock and session fixation.
  • Here is the related issue/feature request at GitHub/phpredis. 
  • Magento's dev opinion here .

Also many recommend igbinary as a php serializer of the session data before to be stored in Redis. Of course, it is not installed by default on a shared hosting. Just as a reminder, there were many ways to decrease the memory usage. Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys. Sorry if I am wrong about your code. I am keen to test it in the morning. 

Hope this helps. Peace!

session_handler_redis.php

test_serializers.php

  • Like 5

Share this post


Link to post
Share on other sites
Karl_T    35

@seddass Thanks for your great lesson. I have really learnt a lot! I lack the knowledge and sense to find out the potential threats. And, I should have made it clear about the existence of any open issues affecting the usage before using a library. I will dig deeper and try to resolve the issue. Your attached code would be a great help for this.:lol:

11 hours ago, seddass said:

Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

I was using string as datatype originally. Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

11 hours ago, seddass said:

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys.

Thanks for poitning this out. I overlooked this one.

 

  • Like 3

Share this post


Link to post
Share on other sites
seddass    20

@Karl_T Glad to save your time. If we join forces we can create a great Redis Sess Handler for PW. Hope @netcarver will help too. 

Quote

Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

If it's just occasionally, I would try with strings using TTL (or PTTL) to get their expire time and to sort all the keys in php array. BTW never played with TTL till now. It has to be tested with a lot of sessions. 

The next feature will be to provide connection support for local socket and to multiple Redis servers with priority and auth.

My experience with Redis started when I find out session_id() took 12 seconds because of many sess files. 

  • Like 2

Share this post


Link to post
Share on other sites
netcarver    1,882

@seddass, @Karl_T

I'm a little out of the loop regarding Redis, at the moment, but I like the idea of collaborating on this. As I have the original repo on github, how about I add you both as collaborators, and we can make this a more community oriented effort?

  • Like 7

Share this post


Link to post
Share on other sites
On 4/21/2017 at 8:00 PM, seddass said:

Trying to there files, but it says not available for my account :( I just signed up, but I assume the files contains fixes for the public module here: https://github.com/karltaidev/SessionHandlerDBRedis

Were you able to implement the lock or didn't I understand correctly?

Share this post


Link to post
Share on other sites

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

PS: Karl_T, can't you implement the locks in your module with this example?

Share this post


Link to post
Share on other sites
Karl_T    35

Hi @Hosted Power. Currently session lock is missing in the module. I am currently busy on my own project. I will make a pull request to netcarver's repo with the session lock implemented some time later, maybe a month later as I want to use this on my project too. I will post it here after that.

Share this post


Link to post
Share on other sites
seddass    20
3 minutes ago, Hosted Power said:

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

 

@Hosted Power The 'session_handler_redis.php' will change your session handler. By changing the default session handler you may store your session data in files, in database, redis, memcache, etc. You can use it in any PHP project, with any CMS or framework. Include it at the beginning of your index.php or header.php, before your session_start(); Of course, you may have to tweak the port and/or socket path. Make sure you have "php_redis" extension installed for greater performance. You may need to edit the file if you don't have igbinary_serializer extension installed. 

I am busy too and hopefully, one rainy weekend I will focus on converting it as PW module with Karl_T.  Meanwhile, you have a working solution and despite it's not as a module yet, it is reliable and you can use it with ProcessWire. Enjoy!

  • Like 1

Share this post


Link to post
Share on other sites

Hi All,

Sorry for my own late reply, but you guys here are really fast and to the point, wow! I bet this is one of the reasons our customers with ProcessWire like it so much :)

In any case we're looking forward to the redis module improvements! 

Share this post


Link to post
Share on other sites
Karl_T    35

Session lock is added finally. ;) I also make a pull request to netcarver's SessionHandlerRedis. Once it is done I will close this one and move to that one probably.

FYI: phpredis is undergoing a pull request to add their session lock.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By benbyf
      Is there a way to restrict logins for users so that one user can't be loggedin in two places at the same time?
      e.g. auto logout user after inactivity (of say 15 minutes..?), or logout action and disallow login if user still "logged in" somewhere?
    • By Martin Muzatko
      Hello there!
      I want to create a user front-end (user can register/login/logout via templates)
      I'm working based on the intermediate site profile. So _init.php is loaded first, then the template file and then _main.php.
      I integrated the custom login as described here, and changed it to my needs. ( I don't want to redirect the user, if the form is filled in successfully)
      The problem I face, is that $user->isLoggedin() lags behind $session->login().
      Which means that whenever I do a login, I DO get the information that the login was successful ($session->login(...) instanceof User). I COULD use that information on _main.php to show a profile in the upper right corner.
      However I don't want to set a variable in the template and ask for it in _main.php. Are there any alternatives? Is a redirect really required to complete the session handling? Why? I have the same problem for the logout. The user is still displayed as logged in, when he opens the logout page.
      Thanks in advance.
      Best,
      Martin
    • By Mirza
      How to track user active time based on session login and logout.
      Basically, I want to get the report that each user login time and logout time/session inactivity time.
      Is there any module available or we can use any hooks to simulate the above.
      Thanks in advance for your support.
    • By suntrop
      Hi all. Perhaps this is just my fault, but I can't get behind it :-(
      When I store an array in a $session and want to read its contents – after a $session->redirect() – it is NULL by var_dump()
      If I use the exact same code and just store a string or a Page ID the output is correct.
      // file-1, product page $last_add_to_cart['product'] = $selected_product; $last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is NULL Strangely this works 
      // file-1, product page $last_add_to_cart['product'] = $selected_product->id; #$last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is 1234 EDIT: When I var_dump the $session before the redirect everything is ok
    • By dweeda
      At the top of each of my main pages, I want to redirect to my login page if the session is timed out.  How can I use the PW API to test for this?
      $user->isLoggedin() doesn't seem to do it, like I expected.
      THX