Instant Gratification   

Tue, 14 Nov 2006

PHP Session Handling

This guy does a great job of explaining thread-safety to people who really need to know what it means.

The problem arises, as is outlined in the cited articles above, when multiple requests can be made at the same time. The built-in PHP session handler handles maintaining exclusive access to the session data, so most simple, low-load (meaning one web server) websites don’t experience a problem. And even if you use your own session handler that doesn’t implement any locking, the progress that the user makes through your site, downloading a page, viewing it, moving on to the next one, is so slow that contention for the session data is rarely, if ever, an issue. But then Ajax enters the picture.


I am reminded muchly of when I worked at and I implemented the same. We weren’t using AJAX back then, but AJAX or no, you still need to provide some level of transactional security. I’m impressed with the level of thought that has gone into this guy’s document, and how he’s got everything segmented into individual variables by the end of it. I will disagree somewhat that per-variable locking is the right way to go because of transactional integrity (i.e., if you have two variables, $SESSION['credits'] and $SESSION['debits'], and each of them is lock-safe but not transactional-safe, then you end up in trouble).

The model that we ended up using was the single-thread model, above the picture saying “The process execution is interleaved, but access to the session data is serialized”. This is somewhat necessary for important data, but less important for things like access counters or maybe the rating of a particular song (independent / non-$$$ data), where per-variable locking could be a big performance win. Here’s another little bit of an idea… imagine $SESSION['batch']['toRate'] = array(1234=>"4stars", 999=>"3stars");, which gets processed at the end during session destruction / cleanup or at regular intervals during the user’s session. This being opposed to the standard practice of writing all the data to /logs/batch.txt and later processing that.
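The credits/debits case and the serialized model described above, as an added example that is not from this post or the cited article. The JSON file stands in for a custom session handler's storage, and `withSessionLock()` and `updateVar()` are hypothetical names; the starting values are constructed.

```php
<?php
// Added example; the JSON file and function names are hypothetical stand-ins for a session store.
// Run $fn on the session array under one exclusive lock. If $fn throws,
// nothing is written back, so a failed update leaves no half-applied state.
function withSessionLock(string $file, callable $fn)
{
    $h = fopen($file, 'c+');             // create if missing, never truncate on open
    if ($h === false || !flock($h, LOCK_EX)) {
        throw new RuntimeException("cannot lock $file");
    }
    try {
        $raw    = stream_get_contents($h);
        $data   = $raw === '' ? [] : json_decode($raw, true);
        $result = $fn($data);            // callbacks take the array by reference
        rewind($h);
        ftruncate($h, 0);
        fwrite($h, json_encode($data));
        fflush($h);                      // flush before the lock is released
        return $result;
    } finally {
        flock($h, LOCK_UN);
        fclose($h);
    }
}

// Per-variable style: each call is atomic, but only for one key.
function updateVar(string $file, string $key, int $delta): void
{
    withSessionLock($file, function (array &$s) use ($key, $delta) {
        $s[$key] = ($s[$key] ?? 0) + $delta;
    });
}

$file = tempnam(sys_get_temp_dir(), 'sess');
file_put_contents($file, json_encode(['credits' => 100, 'debits' => 0])); // constructed data
// 1) Per-variable locking: a request that reads between the two updates
//    sees credits already reduced and debits not yet increased.
updateVar($file, 'credits', -30);
$midway = withSessionLock($file, fn(array &$s) => $s);   // the concurrent reader
updateVar($file, 'debits', 30);
printf("per-variable view: credits + debits = %d\n", array_sum($midway));
// 2) One lock for the whole change: both keys move together or not at all.
$after = withSessionLock($file, function (array &$s) {
    $s['credits'] -= 30;
    $s['debits']  += 30;
    return $s;
});
printf("serialized view:   credits + debits = %d\n", array_sum($after));
unlink($file);
```

PHP's default files session handler holds an equivalent exclusive lock from `session_start()` until the session is written and closed.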

All in all a highly recommended read.

22:14 CST