SessionHandlerDBRedis

[Karl_T]

Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. 

You may grab this from Github: SessionHandlerDBRedis

I hope this could give somebody a help.

 

Updated to v0.4

changelog: 

v0.3 - added ability to get forwarded IP instead of normal remote IP. 

v0.4 - added session lock

[arjen]

Thanks for posting Karl.

I think it would be best to fork the project and commit your changes. This way there will be only one Redis session handler database but with two developers. @netcarver is a really nice guy, so I think you guys can work this out

[Karl_T]

@arjen Thanks for your suggestion. Hopefully my publish does not cause much issue here. Sorry if I have violated something. I wondered if it is appropriate to fork a project with 90% code changed or instead fork to SessionHandlerDB with more similarity. I will try to fork SessionHandlerRedis later. Hope that netcarver is still interested in this module. 

[arjen]

No issues here

But since the amount of modules is (luckily) pretty small in ProcessWire I guess it would be wise to join forces instead of creating several modules with overlap. If 90% of the code is changed, I'm not really sure if a fork is appropriate, but it might be. I guess we have to wait until @netcarver joins the discussion.

[netcarver]

My module was very experimental. Very happy for it to have a successor 

[Karl_T]

8 hours ago, netcarver said:

My module was very experimental. Very happy for it to have a successor 

Thanks netcarver, I will try to make a pr on it. 

I do think using Redis as the session handler has many advantages such as reduce work load for mysql(if you are using it to store sessions) and performance boot(fastest way at the moment?). I experienced a faster page load after using it, no thorough experiment anyway lol. So, I am surprised that no much dev is interested in this(no reply in the SessionHandlerRedis post last two years!?). I wonder if I missed some drawbacks or this tech is already outdated.

[LostKobrakai]

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

[Karl_T]

7 minutes ago, LostKobrakai said:

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

Thanks for your points. It indeed makes less difference for low traffic site where shared hosting is the common choice. I always use cheap VPS plan in DigitalOcean or Linode to gain the largest control for less money so I forgot about shared hosting for long..

[seddass]

@Karl_T It's great of what you have done. I can feel your excitement about using Redis. 

Haven't had the chance to dig deeper into your code but of what I saw, you are not using session lock. Forgive me if I am wrong.

I was using phpredis (the php extension) as a global session handler replacement in php.ini , but it lacks support for session lock. I was having trouble because of this and I wrote my own solution attached here. I just prepend it.

When using session with files - the files system have lock on write. When using SessionDB - the database has a row or table lock depending on the table engine. Memcache have lock implemented and it's suitable for replacement in php.ini. Of what I saw in the phpredis code, there is no lock and have to be implemented externally. 

• My issue because of this here.
• This guy here explained more about the session lock and session fixation.
• Here is the related issue/feature request at GitHub/phpredis. 
• Magento's dev opinion here .

Also many recommend igbinary as a php serializer of the session data before to be stored in Redis. Of course, it is not installed by default on a shared hosting. Just as a reminder, there were many ways to decrease the memory usage. Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys. Sorry if I am wrong about your code. I am keen to test it in the morning. 

Hope this helps. Peace!

session_handler_redis.php

test_serializers.php

[Karl_T]

@seddass Thanks for your great lesson. I have really learnt a lot! I lack the knowledge and sense to find out the potential threats. And, I should have made it clear about the existence of any open issues affecting the usage before using a library. I will dig deeper and try to resolve the issue. Your attached code would be a great help for this.

11 hours ago, seddass said:

Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

I was using string as datatype originally. Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

11 hours ago, seddass said:

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys.

Thanks for poitning this out. I overlooked this one.

 

[seddass]

@Karl_T Glad to save your time. If we join forces we can create a great Redis Sess Handler for PW. Hope @netcarver will help too. 

Quote

Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

If it's just occasionally, I would try with strings using TTL (or PTTL) to get their expire time and to sort all the keys in php array. BTW never played with TTL till now. It has to be tested with a lot of sessions. 

The next feature will be to provide connection support for local socket and to multiple Redis servers with priority and auth.

My experience with Redis started when I find out session_id() took 12 seconds because of many sess files. 

[netcarver]

@seddass, @Karl_T

I'm a little out of the loop regarding Redis, at the moment, but I like the idea of collaborating on this. As I have the original repo on github, how about I add you both as collaborators, and we can make this a more community oriented effort?

[Karl_T]

This would be great. I would like to contribute.

[seddass]

sure, 'anilex' at Github

[netcarver]

@Karl_T, @seddass you should both have collaborator invitations in a moment or two.

[Hosted Power]

On 4/21/2017 at 8:00 PM, seddass said:

session_handler_redis.php

test_serializers.php

Trying to there files, but it says not available for my account  I just signed up, but I assume the files contains fixes for the public module here: https://github.com/karltaidev/SessionHandlerDBRedis

Were you able to implement the lock or didn't I understand correctly?

[Hosted Power]

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

PS: Karl_T, can't you implement the locks in your module with this example?

[Karl_T]

Hi @Hosted Power. Currently session lock is missing in the module. I am currently busy on my own project. I will make a pull request to netcarver's repo with the session lock implemented some time later, maybe a month later as I want to use this on my project too. I will post it here after that.

[Hosted Power]

Ok that would be terrific, we have a lot of other CMS with redis enabled and redis really rocks for storing sessions

[seddass]

3 minutes ago, Hosted Power said:

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

 

@Hosted Power The 'session_handler_redis.php' will change your session handler. By changing the default session handler you may store your session data in files, in database, redis, memcache, etc. You can use it in any PHP project, with any CMS or framework. Include it at the beginning of your index.php or header.php, before your session_start(); Of course, you may have to tweak the port and/or socket path. Make sure you have "php_redis" extension installed for greater performance. You may need to edit the file if you don't have igbinary_serializer extension installed. 

I am busy too and hopefully, one rainy weekend I will focus on converting it as PW module with Karl_T.  Meanwhile, you have a working solution and despite it's not as a module yet, it is reliable and you can use it with ProcessWire. Enjoy!

[Hosted Power]

Hi All,

Sorry for my own late reply, but you guys here are really fast and to the point, wow! I bet this is one of the reasons our customers with ProcessWire like it so much

In any case we're looking forward to the redis module improvements! 

[Karl_T]

Session lock is added finally.  I also make a pull request to netcarver's SessionHandlerRedis. Once it is done I will close this one and move to that one probably.

FYI: phpredis is undergoing a pull request to add their session lock.

[markus_blue_tomato]

Hi,

I have tried to install the module and got an error. full report: https://github.com/karltdev/SessionHandlerDBRedis/issues/1