By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
439,971 Members | 1,732 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 439,971 IT Pros & Developers. It's quick & easy.

How well do sessions scale?

P: n/a
Hi,

I'm new here-- I've been reading the group for a couple of days. Nice
group; I like the way n00b33 questions are handled.

I've been using a Javascript routine in index.html to determine a
visitor's browser's capabilities. The Javascript then calls main.php,
passing back its findings with a GET string; main.php saves the data as
a visitor's profile in $_SESSION elements. It then serves up home.html
and any further pages requested by the visitor after customizing them
according to the visitor's profile. This is an original technique--
I've not seen or read about any similar method of browser feature
detection.

It has been working quite well in a low volume web site
(http://thornhenge.org/IvyIsEvil/). Unless the visitor has Javascript
disabled, the redirect from index.html happens before that page is
rendered and so long as index.html and home.html are lightweight, there
is no discernable delay. (If the visitor has turned off Javascript,
meta redirection kicks in, or he can use an explicit link to
home.html-- and main.php will set up his session profile with default
values).

But I am worried about whether I'll run into server performance issues
with higher traffic. I'm new to PHP-- gradually working my way through
Welling & Thomson's book with frequent delvings into Gilmore's book
(and heavy use of www.php.net/manual/). I've yet to see any discussion
on the practical limits of sessions. So my more or less specific
questions are:

1. What is the practical size limit for the session array? What
behaviors will I see if this limit is exceeded?

2. Is there a practical limit on the number of simultaneous
sessions a simple server can handle? Would exceeding this
generate a "too many users" message or something?

3. How does PHP/Apache handle abandoned sessions? I'm assuming
that after an interval of no activity, a session is deleted?

4. Do you know of any good discussions on this topic, and could
you steer me toward them (rather than using bandwidth and
time to redundantly say it all over again here)?

TIA,
Will

Aug 1 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
>1. What is the practical size limit for the session array?
What behaviors will I see if this limit is exceeded?
No limit really -- other than that imposed by whatever mechanism you're
using to store the session data. PHP's default session handler uses
files, so you're limited by disk space and any per-directory size
limits your OS might impose.
2. Is there a practical limit on the number of simultaneous
sessions a simple server can handle? Would exceeding
this generate a "too many users" message or something?
Again, you're limited by the session handler. If your OS has a limit
on the number of files in a single directory, that's your answer.
3. How does PHP/Apache handle abandoned sessions?
I'm assuming that after an interval of no activity, a session
is deleted?
Stale sessions are deleted by the garbage collection routine. There
are a couple of parameters that define what get's deleted and when.
Check out:

http://www.php.net/manual/en/ref.ses...gc-maxlifetime
http://www.php.net/manual/en/ref.ses...gc-probability
http://www.php.net/manual/en/ref.ses...ion.gc-divisor
4. Do you know of any good discussions on this topic, and
could you steer me toward them (rather than using bandwidth
and time to redundantly say it all over again here)?


A good place to start would be:

http://www.php.net/session
http://www.acros.si/papers/session_fixation.pdf

Also bear in mind that PHP allows you to redefine the session handler.
In other words, if you don't like PHP's default of storing session data
in files, you could make it use a database or keep everything cached in
RAM. The possibilities are really limitless.

Aug 1 '05 #2

P: n/a
>It has been working quite well in a low volume web site
(http://thornhenge.org/IvyIsEvil/). Unless the visitor has Javascript
disabled, the redirect from index.html happens before that page is
rendered and so long as index.html and home.html are lightweight, there
is no discernable delay. (If the visitor has turned off Javascript,
meta redirection kicks in, or he can use an explicit link to
home.html-- and main.php will set up his session profile with default
values).

But I am worried about whether I'll run into server performance issues
with higher traffic. I'm new to PHP-- gradually working my way through
Welling & Thomson's book with frequent delvings into Gilmore's book
(and heavy use of www.php.net/manual/). I've yet to see any discussion
on the practical limits of sessions. So my more or less specific
questions are:

1. What is the practical size limit for the session array? What
behaviors will I see if this limit is exceeded?
If $_SESSION for a single session is more than a few megabytes,
you'll increase the size of the httpd processes a lot and potentially
have more swapping/paging. Also, you'd better have plenty of disk
space to store the session files. And saving and restoring big
session files every hit is a lot of disk I/O.
2. Is there a practical limit on the number of simultaneous
sessions a simple server can handle? Would exceeding this
generate a "too many users" message or something?
UNIX doesn't work real well with directories with large numbers
of files in them. I'd try to keep it well under 100,000 session
files. However, you can easily write a session handler that
stuffs sessions in a database table rather than in files. This
has advantages that the sessions can be accessed from multiple
round-robin servers serving the same content (for when you run
low on CPU power). That can probably handle a few hundred million
simultaneous sessions (but probably not the associated hit rate
unless you've got some really powerful hardware).
3. How does PHP/Apache handle abandoned sessions? I'm assuming
that after an interval of no activity, a session is deleted?


There are some parameters in PHP for probabalistic garbage collection
of stale sessions. If I wanted sessions to expire at a particular
time, I'd code my own (with the sessions in the database, it might
be occasionally running something like "delete from sessions where
subdate(now(), INTERVAL 2 DAY) >= last_hit_stamp" ).

Gordon L. Burditt
Aug 1 '05 #3

P: n/a
Your reply has been very helpful, especially the links to the garbage
collection parameter documentation.

Thanks again.
ZeldorBlat wrote:

<snip>
No limit really -- other than that imposed by whatever mechanism you're
using to store the session data. PHP's default session handler uses
files
<snip>
Also bear in mind that PHP allows you to redefine the session handler.
In other words, if you don't like PHP's default of storing session data
in files, you could make it use a database


Aug 1 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.