mintyphp / session-handlers
Better session handlers
Suggests
- ext-memcached: Needed for session storage in Memcached in class MemcachedSessionHandler
- ext-redis: Needed for session storage in Redis in class RedisSessionHandler
README
This repository contains a set of PHP session save handlers that support locking. I also contains a test suite to prove that they do. Current handlers that can be tested (and their corresponding test mode) are:
- standard
- default (SessionHandler)
Uses the "files" session module (PHP built-in). - memcachedn (NativeMemcachedSessionHandler)
Uses the "memcached" session module (ext-memcached). - redisn (NativeRedisSessionHandler)
Uses the "redis" session module (ext-redis).
- default (SessionHandler)
- strict (docs / rfc)
- files (FilesSessionHandler)
Locks using ".lock" files instead of "flock" calls. - memcached (MemcachedSessionHandler)
Locks using Memcache's atomic "add" operation. - redis (RedisSessionHandler)
Locks using Redis' atomic "setNx" operation.
- files (FilesSessionHandler)
Note that the standard mode testable handlers implement strict mode as well, but can't be tested as strict handlers.
Requirements
You can install the dependencies of this script using:
sudo apt install php-cli php-curl
Optional dependencies can be installed using:
sudo apt install memcached php-memcached redis php-redis
You need PHP 7.4 or higher to run the code.
Using the handlers
This package is on Packagist and can be installed using Composer, using:
composer require mintyphp/session-handlers
You can use the Redis handler by adding these two lines to your PHP code:
ini_set('session.save_path', 'tcp://localhost:6379');
ini_set('session.use_strict_mode', true);
session_set_save_handler(new RedisSessionHandler(), true);
Note that these lines must be executed before the "session_start()" call.
Running the tests
You can run the tests from the command line using:
php run-tests.php
The code will execute in about 1 second per handler and test 104 HTTP calls for each handler. The following output means that the tests succeeded:
standard - default : OK
standard - memcachedn : OK
standard - redisn : OK
strict - files : OK
strict - memcached : OK
strict - redis : OK
The word "FAILED" appears on a failed test and "SKIPPED" is shown when the PHP module is not loaded for either Redis or Memcache.
Stress testing
Use this for 100 runs:
for i in `seq 1 100`; do php run-tests.php silent; done
As shown, you may use the argument "silent" to suppress output on successful or skipped tests.
Links to other locking handlers
Below you find a few other implementations of locking Session handlers:
- https://github.com/mevdschee/symfony-session-tests (Symfony "files")
- https://github.com/stechstudio/laravel-raw-sessions (Laravel "files")
- https://github.com/1ma/RedisSessionHandler (Redis)
- https://github.com/colinmollenhour/php-redis-session-abstract (Redis)
- https://github.com/kronostechnologies/redis-session-handler (Redis)
Enjoy!