Re: Re: Revert session_serializer_name(), session_gc()

From:	Yasuo Ohgaki	Date:	Thu, 13 Mar 2014 07:45:17 +0000
Subject:	Re: Re: Revert session_serializer_name(), session_gc()
References:	1 2 3 4 5 6 7 8 9 10 11	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Patrick,

On Thu, Mar 13, 2014 at 4:15 PM, Patrick Schaaf <[email protected]> wrote:

> >
> > Save handler may keep & check last GC time. If it's over session.expire,
> > perform GC.
>
> That would have a "scoping" problem: session.expire, at least in theory,
> can be different for different scripts / usages of session in the same
> application, but such a global last-GC timestamp would be... global.
>
> Also generally GC is a costly global operation, slowing down the request
> that hits it (probably that's why you envision a cronjob right?)
>
Yes. This is issue for save handlers that should perform costly GC.

> > Issue is that "session data that should be deleted" is not deleted and
> > could be alive long term due to current design. Current design is good
>
> The _proper_ solution, would be to keep a timestamp stored with each
> session. kind of a last-modified timestamp. (expiry does work off last
> modification, right?). Anyhow, the trick is to check at session_start
> whether that timestamp plus whatever session.expire is set at, already is
> in the past - and when that happens, destroy the one session on storage and
> act as if it hadn't been found.
>
> This way there is no longer any correctness problem, and a GC is only
> needed to clean up sessions that are never requested again - and for that I
> fully agree that a separate - e.g. cron driven - "GC now" job would be best
> (not affecting latency of running frontent requests too much).
>
> Of course, going to such a solution, requires a change to all session
> implementations in that they must provide for storage and return of such a
> last-modified timestamp (or othewise the improvement cannot be realized for
> a non-updated-to-the-new-scheme session handler)
>
I agree. It's proper and feasible solution. I've sent issues about
session_regenerate_id() in other thread. It could be solved by time stamp
stored as session data also. Storing time stamp out side of $_SESSION data
would be cleanest solution, but it requires new interface.

It may be good idea to write a new save handler interface while keeping
older one.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (41 messages)

• Andrey AndreevTue, 11 Mar 2014 13:37:44 +0000
  • Yasuo OhgakiTue, 11 Mar 2014 22:37:31 +0000Re: Revert session_serializer_name(), session_gc()
    • Andrey AndreevTue, 11 Mar 2014 23:54:21 +0000
      • Yasuo OhgakiWed, 12 Mar 2014 00:19:14 +0000
        • Andrey AndreevWed, 12 Mar 2014 11:04:03 +0000
          • Yasuo OhgakiWed, 12 Mar 2014 11:30:03 +0000
            • Andrey AndreevWed, 12 Mar 2014 12:03:10 +0000
              • Yasuo OhgakiWed, 12 Mar 2014 21:12:35 +0000
                • Andrey AndreevWed, 12 Mar 2014 23:43:32 +0000
                  • Yasuo OhgakiThu, 13 Mar 2014 01:40:07 +0000
                    • Patrick SchaafThu, 13 Mar 2014 07:15:00 +0000Re: Re: Revert session_serializer_name(), session_gc()
                      • Yasuo OhgakiThu, 13 Mar 2014 07:45:17 +0000
                        • Pierre JoyeThu, 13 Mar 2014 09:22:01 +0000
                          • Andrey AndreevThu, 13 Mar 2014 10:36:35 +0000
                            • Andrey AndreevThu, 13 Mar 2014 16:56:11 +0000
                              • Yasuo OhgakiThu, 13 Mar 2014 20:09:01 +0000
                                • Andrey AndreevThu, 13 Mar 2014 21:01:24 +0000
                                  • Yasuo OhgakiThu, 13 Mar 2014 22:01:10 +0000
                                  • Yasuo OhgakiThu, 13 Mar 2014 22:18:48 +0000
                                    • Andrey AndreevThu, 13 Mar 2014 23:16:28 +0000
                                      • Yasuo OhgakiFri, 14 Mar 2014 01:30:15 +0000
                                        • Andrey AndreevFri, 14 Mar 2014 10:07:05 +0000
                                          • Patrick SchaafFri, 14 Mar 2014 10:30:14 +0000
                                            • Andrey AndreevFri, 14 Mar 2014 10:44:09 +0000
                                              • Yasuo OhgakiSat, 15 Mar 2014 00:20:49 +0000
                                                • Andrey AndreevSat, 15 Mar 2014 02:32:59 +0000
                                                  • Yasuo OhgakiSat, 15 Mar 2014 04:15:23 +0000
                                                    • Yasuo OhgakiSat, 15 Mar 2014 04:36:05 +0000
                                                      • Andrey AndreevSat, 15 Mar 2014 05:10:07 +0000
                                                        • Yasuo OhgakiSat, 15 Mar 2014 06:28:13 +0000
                                                          • Andrey AndreevSat, 15 Mar 2014 18:33:05 +0000
                                                            • Yasuo OhgakiSun, 16 Mar 2014 00:45:57 +0000
                                                              • Yasuo OhgakiSun, 16 Mar 2014 00:57:51 +0000
                                          • Yasuo OhgakiFri, 14 Mar 2014 10:30:42 +0000
                                            • Yasuo OhgakiFri, 14 Mar 2014 10:38:37 +0000
                            • Yasuo OhgakiThu, 13 Mar 2014 19:32:13 +0000
                              • Andrey AndreevThu, 13 Mar 2014 20:29:29 +0000
                      • Lester CaineThu, 13 Mar 2014 10:04:05 +0000
                  • Yasuo OhgakiThu, 13 Mar 2014 01:49:00 +0000
                    • Yasuo OhgakiThu, 13 Mar 2014 03:03:00 +0000
  • Julien PauliWed, 12 Mar 2014 16:00:44 +0000