altmetric / mongo-session-handler
A PHP session handler backed by MongoDB.
Installs: 57 071
Dependents: 0
Suggesters: 0
Security: 0
Stars: 6
Watchers: 4
Forks: 4
Open Issues: 0
Requires
- php: >= 5.4.0
- ext-mongodb: *
- mongodb/mongodb: ^1.0
- psr/log: ^1.0
Requires (Dev)
- phpunit/phpunit: ^4.8
This package is not auto-updated.
Last update: 2023-05-27 09:52:52 UTC
README
mongo-session-handler is not maintained anymore.
Mongo Session Handler
A PHP session handler backed by MongoDB.
Current version: 2.1.0
Supported PHP versions: 5.4, 5.5, 5.6, 7
Note: This package depends on the MongoDB PHP driver extension (mongodb
) and its companion PHP library. If you need to use the older, legacy driver (mongo
), please see version 1.0.
Installation
$ composer require altmetric/mongo-session-handler:^2.1
Usage
<?php use Altmetric\MongoSessionHandler; $sessions = $mongoClient->someDB->sessions; $handler = new MongoSessionHandler($sessions); session_set_save_handler($handler); session_set_cookie_params(0, '/', '.example.com', false, true); session_name('my_session_name'); session_start();
API Documentation
public MongoSessionHandler::__construct(MongoDB\Collection $collection[, Psr\Log\LoggerInterface $logger])
$handler = new \Altmetric\MongoSessionHandler($client->db->sessions); session_set_save_handler($handler); session_start(); $handler = new \Altmetric\MongoSessionHandler($client->db->sessions, $logger);
Instantiate a new MongoDB session handler with the following arguments:
$collection
: aMongoDB\Collection
collection to use for session storage;$logger
: an optional PSR-3-compliant logger.
The given $collection
will be populated with documents using the following schema:
_id
: theString
session ID;data
: the session data stored as aMongoDB\BSON\Binary
object using the old generic binary format for compatibility with older versions of this library;last_accessed
: aMongoDB\BSON\UTCDateTime
representation of the time this session was last written to.
This handler implements the SessionHandlerInterface
meaning that it can be registered as a session handler with session_set_save_handler
.
Expiring sessions
If you wish to clean up expired sessions using SessionHandlerInterface::gc
, ensure that your session.gc_divisor
, session.gc_probability
and session.gc_maxlifetime
settings are populated accordingly, e.g. the following settings in your php.ini
mean that sessions that haven't been updated in over an hour have a 1% chance of being cleaned whenever someone starts a new session:
session.gc_probability = 1 session.gc_divisor = 100 session.gc_maxlifetime = 3600
In order to keep session cleaning fast, you should add an index on the last_accessed
field of your session $collection
, e.g.
db.sessions.createIndex({last_accessed: 1});
Concurrency
As MongoDB prior to 3.0 does not support document level locking, this session handler operates on a principle of Last Write Wins.
If a user of a session causes two simultaneous writes then you may end up with the following situation:
- Window A reads session value of
['foo' => 'bar']
; - Window B reads session value of
['foo' => 'bar']
; - Window B writes session value of
['foo' => 'baz']
; - Window A writes session value of
['foo' => 'quux']
.
The session will now contain ['foo' => 'quux']
as it was the last successful
write. This may be surprising if you're trying to increment some value in a
session as it is not locked during reads and writes:
- Window A reads session value of
['count' => 0]
; - Window B reads session value of
['count' => 0]
; - Window B writes session value of
['count' => 1]
; - Window A writes session value of
['count' => 1]
.
Acknowledgements
- Nick Ilyin's
php-mongo-session
served as a valuable existing implementation of MongoDB-backed sessions in PHP. - Thanks to Josh Ribakoff for suggesting that the logger should be optional.
License
Copyright © 2015-2017 Altmetric LLP
Distributed under the MIT License.