Sessions支持

memcached提供了一个自定义的session处理器可以被用于存储用户session数据到memcached服务端。 一个完全独立的memcached实例将会在内部使用,因此如果需要您可以设置一个不同的服务器池。session的 key被存储在前缀memc.sess.key.之下,因此, 如果你对session和通常的缓存使用了 同样的服务器池,请注意这一点。 译注:另外一个session和通常缓存分离的原因是当通常的缓存占满了memcached服务端后,可能会导致你的session被 从缓存中踢除,导致用户莫名的掉线。

session.save_handler string

设置为memcached开启memcached的session处理器。

session.save_path string

定义一个逗号分隔的hostname:port样式的session缓存服务器池,例如: "sess1:11211, sess2:11211".

User Contributed Notes

atesin > gmail 06-Aug-2020 08:22
moderator please merge these posts

an errata to my comment done on 2020-07-28 01:06 about tmpfs session dir...

the tmpfs directory i used to install session files is "/run" not "/tmp"...  as /tmp is auto (or manual) deleted sometimes
atesin > gmail 28-Jul-2020 01:06
memcached is great, is lightning fast, very versatile and useful, scalable, and is a must have for many projects

but if you only want speed to minimize session file blocking there is also a good alternative, tmpfs

https://eddmann.com/posts/storing-php-sessions-file-caches-in-memory-using-tmpfs/

maybe if you are in debian you already had session directory in tmp (mounted as tmpfs), but beware of daily cleaning process that can mess up your sessions

you can use this trick if you are in centos/other (like me) or even if you are in debian but want to get ride of /tmp cleaning task

i realized in my system /run is also mounted as tmpfs, so i shut php-fpm down, moved my php session dir to /tmp/, reconfigure php and start again... (you can adapt it to your situation)

  systemctl stop php-fpm
  cp -a /var/lib/php/session /tmp/php-session
  vim /etc/php-fpm-d/www.conf
  ------
  php_value[session.save_path] = /run/php-session
  ------
  systemctl start php-fpm

the only drawback is tmpfs is VOLATILE, just like memcached (data is lost on unmount/shutdown/power fail), to  circumvent this risk i wrote another service that restores/backup php session dir before/after php starts/stops... (UNTESTED!)

  vim /etc/systemd/system/php-session-backup.service
  ------
  # basic persistence for tmpfs php sessions
 
  [Unit]
  Description=PHP tmpfs sessions backup/restore on shutdown/boot
  Before=php-fpm.service
 
  [Service]
  Type=oneshot
  RemainAfterExit=true
  ExecStart=rm -fr /run/php-session
  ExecStart=cp -fa /var/lib/php/session /run/php-session
  ExecStop=rm -fr /var/lib/php/session
  ExecStop=cp -fa /run/php-session /var/lib/php/session
 
  [Install]
  WantedBy=multi-user.target
  ------
  systemctl enable php-session-backup

you can also complement this with a daily backup task in case of system crash so you will lose just one day

  crontab -e
  ------
  0 4 * * * rm -fr /var/lib/php/session;cp -fa /run/php-session /var/lib/php/session
  ------

this is very rough though, you can better use inotify + rsync, could take some ideas from here

https://blog.jmdawson.co.uk/persistent-ramdisk-on-debain-ubuntu/
velazcomtz dot miguel at gmail dot com 15-Nov-2018 11:22
Is important to address that memcached is not concurrent just as regular PHP sessions.

If you have two tabs and one of them takes too long to respond and try to log out on the second, the memcached server won't respond.
benoit dot delmotte at gmail dot com 31-Mar-2017 01:41
in case of multiples memcached servers,
the separator is a semicolon ( ; ) not a comma as written

example:
session.save_path = "sess1:11211; sess2:11211"
madalin at mgiworx dot co dot uk 24-Jul-2015 08:14
short mention: Memcached has authentication support.
Ian Maddox 03-Jul-2014 02:22
If you are setting data to the session and it immediately disappears and you aren't getting any warnings in your PHP error log, it's probably because your sessions expired sometime in the 1970s.

Somewhere between memcached 1.0.2 and 2.1.0, the memcached session handler became sensitive to the 30-day TTL gotcha (aka "transparent failover").  If your session.gc_maxlifetime is greater than 2592000 (30 days), the value is treated as a unix timestamp instead of a relative seconds count.

This issue is likely to impact anyone with long-running sessions who is upgrading from Ubuntu 12.04 to 14.04.
me at nileshgr dot com 08-Apr-2014 10:38
It seems a few people think saving sessions in memcache is more secure compared to saving in file-system (/tmp) especially when the discussion is about shared hosting.

This is not true. memcache has NO authentication; everybody & anybody can read session.save_path (which will contain the memcached daemon address).

FastCGI (PHP-FPM) is much much better when you're considering security and shared hosting.

If you want to share sessions across multiple servers transparently without having headaches of adding custom handlers, you can use NFS or something similar.
richard at fussenegger dot info 16-Jun-2013 08:56
The documentation is not complete, you can also pass the weight of each server and you can use sockets if you want. In your PHP ini:

<?php

// Sockets with weight in the format socket_path:port:weight
session.save_path = "/path/to/socket:0:42"

// Or more than one so that weight makes sense?
session.save_path = "/path/to/socket_x:0:42,/path/to/socket_y:0:666"

?>

And if you should ever want to access these servers in PHP:

<?php

$servers
= explode(",", ini_get("session.save_path"));
$c = count($servers);
for (
$i = 0; $i < $c; ++$i) {
 
$servers[$i] = explode(":", $servers[$i]);
}
$memcached = new \Memcached();
call_user_func_array([ $memcached, "addServers" ], $servers);
print_r($memcached->getAllKeys());

?>
taubers at gmail dot com 04-Oct-2012 11:42
If you are using the memcache class for session handling your key is the PHP session ID.  This is different than when using the  memcached class.

Example with memcache:
GET nphu2u8eo5niltfgdbc33ajb62

Example with memcached:
GET memc.sess.key.nphu2u8eo5niltfgdbc33ajb62

For memcached, the prefix is set in the config:
memcached.sess_prefix = "memc.sess.key."
sstratton at php dot net 14-Jun-2011 12:48
While the previous poster has a point that Memcached can and will cleanup to make room for it's keys, the likelihood of active sessions (due to the likelihood that they will be written to again within 30 seconds) is fairly low provided you have your memory allocation properly alloted.
nfoo at naver dot com 28-Aug-2010 12:15
If you want to use 'memcacheD' extention not 'memcache' (there are two diffrent extentions) for session control,  you should pay attention to modify php.ini

Most web resource from google is based on memcache because It's earlier version than memcacheD. They will say as following

session.save_handler = memcache
session.save_path = "tcp://localhost:11211"

But it's not valid when it comes to memcacheD

you should modify php.ini like that

session.save_handler = memcached
session.save_path = "localhost:11211"

Look, there is no protocol indentifier
Andrei Darashenka 27-May-2009 07:56
This extension supports Session-locking!

by default
MEMC_SESS_LOCK_ATTEMPTS   30
MEMC_SESS_LOCK_WAIT       100000
MEMC_SESS_LOCK_EXPIRATION 30