Jump to content
Karl_T

SessionHandlerDBRedis

Recommended Posts

Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. 

You may grab this from Github: SessionHandlerDBRedis

I hope this could give somebody a help.

 

Updated to v0.4

changelog: 

v0.3 - added ability to get forwarded IP instead of normal remote IP. 

v0.4 - added session lock

  • Like 6

Share this post


Link to post
Share on other sites

Thanks for posting Karl.

I think it would be best to fork the project and commit your changes. This way there will be only one Redis session handler database but with two developers. @netcarver is a really nice guy, so I think you guys can work this out :)

Share this post


Link to post
Share on other sites

@arjen Thanks for your suggestion. Hopefully my publish does not cause much issue here. Sorry if I have violated something. I wondered if it is appropriate to fork a project with 90% code changed or instead fork to SessionHandlerDB with more similarity. I will try to fork SessionHandlerRedis later. Hope that netcarver is still interested in this module. ^_^

  • Like 1

Share this post


Link to post
Share on other sites

No issues here :)

But since the amount of modules is (luckily) pretty small in ProcessWire I guess it would be wise to join forces instead of creating several modules with overlap. If 90% of the code is changed, I'm not really sure if a fork is appropriate, but it might be. I guess we have to wait until @netcarver joins the discussion.

  • Like 2

Share this post


Link to post
Share on other sites

My module was very experimental. Very happy for it to have a successor ^-^

  • Like 2

Share this post


Link to post
Share on other sites
8 hours ago, netcarver said:

My module was very experimental. Very happy for it to have a successor ^-^

Thanks netcarver, I will try to make a pr on it. ^_^

I do think using Redis as the session handler has many advantages such as reduce work load for mysql(if you are using it to store sessions) and performance boot(fastest way at the moment?). I experienced a faster page load after using it, no thorough experiment anyway lol. So, I am surprised that no much dev is interested in this(no reply in the SessionHandlerRedis post last two years!?). I wonder if I missed some drawbacks or this tech is already outdated.:undecided:

  • Like 1

Share this post


Link to post
Share on other sites

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

Share this post


Link to post
Share on other sites
7 minutes ago, LostKobrakai said:

Redis is often not available in shared hosting environments and we have lots of users, where this kind of tech / performance gain doesn't make a real difference. It's certainly a really nice to have module, but it always depends on the use-case.

Thanks for your points. It indeed makes less difference for low traffic site where shared hosting is the common choice. I always use cheap VPS plan in DigitalOcean or Linode to gain the largest control for less money so I forgot about shared hosting for long.:P.

  • Like 3

Share this post


Link to post
Share on other sites

@Karl_T It's great of what you have done. I can feel your excitement about using Redis. 

Haven't had the chance to dig deeper into your code but of what I saw, you are not using session lock. Forgive me if I am wrong.

I was using phpredis (the php extension) as a global session handler replacement in php.ini , but it lacks support for session lock. I was having trouble because of this and I wrote my own solution attached here. I just prepend it.

When using session with files - the files system have lock on write. When using SessionDB - the database has a row or table lock depending on the table engine. Memcache have lock implemented and it's suitable for replacement in php.ini. Of what I saw in the phpredis code, there is no lock and have to be implemented externally. 

  • My issue because of this here.
  • This guy here explained more about the session lock and session fixation.
  • Here is the related issue/feature request at GitHub/phpredis. 
  • Magento's dev opinion here .

Also many recommend igbinary as a php serializer of the session data before to be stored in Redis. Of course, it is not installed by default on a shared hosting. Just as a reminder, there were many ways to decrease the memory usage. Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys. Sorry if I am wrong about your code. I am keen to test it in the morning. 

Hope this helps. Peace!

session_handler_redis.php

test_serializers.php

  • Like 5

Share this post


Link to post
Share on other sites

@seddass Thanks for your great lesson. I have really learnt a lot! I lack the knowledge and sense to find out the potential threats. And, I should have made it clear about the existence of any open issues affecting the usage before using a library. I will dig deeper and try to resolve the issue. Your attached code would be a great help for this.:lol:

11 hours ago, seddass said:

Some prefer using "strings" instead of "hashes" as a datatype if not using millions of sessions and shortened keys for memory optimization. 

I was using string as datatype originally. Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

11 hours ago, seddass said:

Also, just saw a cron job deleting the expired keys. Redis have native key removal for the expired keys and there is no reason for garbage collector or a cron job to delete the old keys.

Thanks for poitning this out. I overlooked this one.

 

  • Like 3

Share this post


Link to post
Share on other sites

@Karl_T Glad to save your time. If we join forces we can create a great Redis Sess Handler for PW. Hope @netcarver will help too. 

Quote

Hash is used because it is the only way I found that can let me to do calculation like finding recent active session using timestamp by ZADD.

If it's just occasionally, I would try with strings using TTL (or PTTL) to get their expire time and to sort all the keys in php array. BTW never played with TTL till now. It has to be tested with a lot of sessions. 

The next feature will be to provide connection support for local socket and to multiple Redis servers with priority and auth.

My experience with Redis started when I find out session_id() took 12 seconds because of many sess files. 

  • Like 2

Share this post


Link to post
Share on other sites

@seddass, @Karl_T

I'm a little out of the loop regarding Redis, at the moment, but I like the idea of collaborating on this. As I have the original repo on github, how about I add you both as collaborators, and we can make this a more community oriented effort?

  • Like 7

Share this post


Link to post
Share on other sites

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

PS: Karl_T, can't you implement the locks in your module with this example?

Share this post


Link to post
Share on other sites

Hi @Hosted Power. Currently session lock is missing in the module. I am currently busy on my own project. I will make a pull request to netcarver's repo with the session lock implemented some time later, maybe a month later as I want to use this on my project too. I will post it here after that.

Share this post


Link to post
Share on other sites
3 minutes ago, Hosted Power said:

Hmm in the meanwhile I was able to download it, but I'm unsure how it works. 

 

@Hosted Power The 'session_handler_redis.php' will change your session handler. By changing the default session handler you may store your session data in files, in database, redis, memcache, etc. You can use it in any PHP project, with any CMS or framework. Include it at the beginning of your index.php or header.php, before your session_start(); Of course, you may have to tweak the port and/or socket path. Make sure you have "php_redis" extension installed for greater performance. You may need to edit the file if you don't have igbinary_serializer extension installed. 

I am busy too and hopefully, one rainy weekend I will focus on converting it as PW module with Karl_T.  Meanwhile, you have a working solution and despite it's not as a module yet, it is reliable and you can use it with ProcessWire. Enjoy!

  • Like 1

Share this post


Link to post
Share on other sites

Hi All,

Sorry for my own late reply, but you guys here are really fast and to the point, wow! I bet this is one of the reasons our customers with ProcessWire like it so much :)

In any case we're looking forward to the redis module improvements! 

Share this post


Link to post
Share on other sites

Session lock is added finally. ;) I also make a pull request to netcarver's SessionHandlerRedis. Once it is done I will close this one and move to that one probably.

FYI: phpredis is undergoing a pull request to add their session lock.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
      //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a  200.... I guess this is where my problem is; but why?
       
       
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
       
    • By Peter Knight
      How do you guys handle large session tables when sessions are being recorded to the database?
      I notice one of my sites has a session table of over 14MB 
      Am I missing a way in the Admin or a module to auto-remove any sessions older than X days?
      Thanks
       
    • By helmut2509
      In my PW-Application there is currently no session timeout.
      I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.
      so I added the following entry to my config.php:
      $config->sessionExpireSeconds = 120; (120 seconds is just for testing).
      But after five minutes of inactivity I am still logged in, there is no redirection.
      Is there anything wrong or did I miss something?
      In php.ini I have the entry:
      session.cookie_lifetime = 3600
    • By celfred
      Hello,
      I'm facing a weird issue here. I have a page loaded with this code inside (my comments in line ends) :

      if ($session->allPlayers) { // Set in a head.inc file. I have also a $session->set('allTeams', $allTeams); in my head.inc   $allPlayers = $session->allPlayers; } else {   $allPlayers = getAllPlayers($user, false);   $session->set('allPlayers', $allPlayers); } bd($session->getAll()); // HERE, I get a number of 11 variables which is what I expect In the same page, I have a link pointing to ajaxContent.php that loads stuff via Ajax.
      I just write this in my ajaxContent.php to test :

      bd($session->getAll()); // HERE, I get only 9 variables. All my newly set $session variables ($allTeams and $allPlayers) are not conveyed to ajaxContent.php ??? Would you have any idea why is that ??? Another thing : I have a $session->headMenu set in my head.inc, and this one works fine. I can retrieve it in my ajaxContent.php page.
      I've tried cleaning all caches but it doesn't change anything 😞 
      At first, I expected it to be a 15-minute update to my site... It turns out to be a 2-hour issue and I'm still  stuck.
      Thanks for your ideas ! 
×
×
  • Create New...