moderator please merge these posts
an errata to my comment done on 2020-07-28 01:06 about tmpfs session dir...
the tmpfs directory i used to install session files is "/run" not "/tmp"... as /tmp is auto (or manual) deleted sometimes
memcached提供了一个自定义的session处理器可以被用于存储用户session数据到memcached服务端。
一个完全独立的memcached实例将会在内部使用,因此如果需要您可以设置一个不同的服务器池。session的
key被存储在前缀memc.sess.key.
之下,因此, 如果你对session和通常的缓存使用了
同样的服务器池,请注意这一点。
译注:另外一个session和通常缓存分离的原因是当通常的缓存占满了memcached服务端后,可能会导致你的session被
从缓存中踢除,导致用户莫名的掉线。
session.save_handler
string
设置为memcached
开启memcached的session处理器。
session.save_path
string
定义一个逗号分隔的hostname:port
样式的session缓存服务器池,例如:
"sess1:11211, sess2:11211"
.
moderator please merge these posts
an errata to my comment done on 2020-07-28 01:06 about tmpfs session dir...
the tmpfs directory i used to install session files is "/run" not "/tmp"... as /tmp is auto (or manual) deleted sometimes
memcached is great, is lightning fast, very versatile and useful, scalable, and is a must have for many projects
but if you only want speed to minimize session file blocking there is also a good alternative, tmpfs
https://eddmann.com/posts/storing-php-sessions-file-caches-in-memory-using-tmpfs/
maybe if you are in debian you already had session directory in tmp (mounted as tmpfs), but beware of daily cleaning process that can mess up your sessions
you can use this trick if you are in centos/other (like me) or even if you are in debian but want to get ride of /tmp cleaning task
i realized in my system /run is also mounted as tmpfs, so i shut php-fpm down, moved my php session dir to /tmp/, reconfigure php and start again... (you can adapt it to your situation)
systemctl stop php-fpm
cp -a /var/lib/php/session /tmp/php-session
vim /etc/php-fpm-d/www.conf
------
php_value[session.save_path] = /run/php-session
------
systemctl start php-fpm
the only drawback is tmpfs is VOLATILE, just like memcached (data is lost on unmount/shutdown/power fail), to circumvent this risk i wrote another service that restores/backup php session dir before/after php starts/stops... (UNTESTED!)
vim /etc/systemd/system/php-session-backup.service
------
# basic persistence for tmpfs php sessions
[Unit]
Description=PHP tmpfs sessions backup/restore on shutdown/boot
Before=php-fpm.service
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=rm -fr /run/php-session
ExecStart=cp -fa /var/lib/php/session /run/php-session
ExecStop=rm -fr /var/lib/php/session
ExecStop=cp -fa /run/php-session /var/lib/php/session
[Install]
WantedBy=multi-user.target
------
systemctl enable php-session-backup
you can also complement this with a daily backup task in case of system crash so you will lose just one day
crontab -e
------
0 4 * * * rm -fr /var/lib/php/session;cp -fa /run/php-session /var/lib/php/session
------
this is very rough though, you can better use inotify + rsync, could take some ideas from here
https://blog.jmdawson.co.uk/persistent-ramdisk-on-debain-ubuntu/
Is important to address that memcached is not concurrent just as regular PHP sessions.
If you have two tabs and one of them takes too long to respond and try to log out on the second, the memcached server won't respond.
in case of multiples memcached servers,
the separator is a semicolon ( ; ) not a comma as written
example:
session.save_path = "sess1:11211; sess2:11211"
short mention: Memcached has authentication support.
If you are setting data to the session and it immediately disappears and you aren't getting any warnings in your PHP error log, it's probably because your sessions expired sometime in the 1970s.
Somewhere between memcached 1.0.2 and 2.1.0, the memcached session handler became sensitive to the 30-day TTL gotcha (aka "transparent failover"). If your session.gc_maxlifetime is greater than 2592000 (30 days), the value is treated as a unix timestamp instead of a relative seconds count.
This issue is likely to impact anyone with long-running sessions who is upgrading from Ubuntu 12.04 to 14.04.
It seems a few people think saving sessions in memcache is more secure compared to saving in file-system (/tmp) especially when the discussion is about shared hosting.
This is not true. memcache has NO authentication; everybody & anybody can read session.save_path (which will contain the memcached daemon address).
FastCGI (PHP-FPM) is much much better when you're considering security and shared hosting.
If you want to share sessions across multiple servers transparently without having headaches of adding custom handlers, you can use NFS or something similar.
The documentation is not complete, you can also pass the weight of each server and you can use sockets if you want. In your PHP ini:
<?php
// Sockets with weight in the format socket_path:port:weight
session.save_path = "/path/to/socket:0:42"
// Or more than one so that weight makes sense?
session.save_path = "/path/to/socket_x:0:42,/path/to/socket_y:0:666"
?>
And if you should ever want to access these servers in PHP:
<?php
$servers = explode(",", ini_get("session.save_path"));
$c = count($servers);
for ($i = 0; $i < $c; ++$i) {
$servers[$i] = explode(":", $servers[$i]);
}
$memcached = new \Memcached();
call_user_func_array([ $memcached, "addServers" ], $servers);
print_r($memcached->getAllKeys());
?>
If you are using the memcache class for session handling your key is the PHP session ID. This is different than when using the memcached class.
Example with memcache:
GET nphu2u8eo5niltfgdbc33ajb62
Example with memcached:
GET memc.sess.key.nphu2u8eo5niltfgdbc33ajb62
For memcached, the prefix is set in the config:
memcached.sess_prefix = "memc.sess.key."
While the previous poster has a point that Memcached can and will cleanup to make room for it's keys, the likelihood of active sessions (due to the likelihood that they will be written to again within 30 seconds) is fairly low provided you have your memory allocation properly alloted.
If you want to use 'memcacheD' extention not 'memcache' (there are two diffrent extentions) for session control, you should pay attention to modify php.ini
Most web resource from google is based on memcache because It's earlier version than memcacheD. They will say as following
session.save_handler = memcache
session.save_path = "tcp://localhost:11211"
But it's not valid when it comes to memcacheD
you should modify php.ini like that
session.save_handler = memcached
session.save_path = "localhost:11211"
Look, there is no protocol indentifier
This extension supports Session-locking!
by default
MEMC_SESS_LOCK_ATTEMPTS 30
MEMC_SESS_LOCK_WAIT 100000
MEMC_SESS_LOCK_EXPIRATION 30