Forum Moderators: coopster
I've just implemented a mysql session handler for a site i've developed, and i like what it's doing so i'm going to roll it out across my sites.
however, much is made around the web of the benefits of using a database to manage sessions, but scalability aside, i've yet to see too many hard examples of where it is a major benefit.
Security
A lot of people talk about the added security it brings, yet surely you're still exposed to the same issues as before (unless you're on shared hosting,when it's certainly a benefit).
Performance
Obviously if you're running a very large site, then sessions can be pushed to the DB server, or where load balancing is required it's a great benefit, but for most of us on a "one size fits all" server, is there anything to be gained performance wise?
Complexity
It's obviously more complex to implement mysql session handling, but once the code is written it's a piece of cake, however are there aspects that could cause database storage a problem? I've already had(and fixed) issues with multidimensional arrays, i don't want any nasty suprises down the line.
It would be great if someone could provide some real examples of it's benefits, as i'm sure they are there, but until i run with it for a few months, i won't really know.
Cheers,
hughie
I can see the benefits there as well, you get absolute control and don't store sessions in a common dir as other sites, though sometimes you can tweak this, even on a shared host.
I see drawbacks as you add an extra db hit to every page, filesystem access will always be faster.
I am not sure I see a general benefit for every setup. In some setups I can see how you might have some extra things you can do and some security advantages on shared hosts as you mentioned.
If I was running on a dedicated box I don't see many, if any, advantages.
I suppose holding it in a db is more visible and accessible from an admin point of view, and therefore the session data is easier to observe/manipulate.
>> why is it people are consistently talking about "increased security"
no clue, when people make vague statements and no one seems to extrapolate on the ins and outs I have a tendency to stop listening. I'm not saying they're wrong but I can make a general statement on just about anything and it could be true or not true, depending on the specific setup or application for any given site.
again, only if you needed that
you could also use cookies with a generated id that attached to a row in the database.
users could even have unique ids if it required login
cheers for the pointer.
hughie
