PHP Sessions

What are PHP sessions?

One feature of PHP is a way to track and store information about visitors to the site by a session ID. The session ID, by default, is passed to the client in a cookie named “PHPSESSID,” but can also be passed to the client with a query string in links. Any time a client accesses the site with the session ID defined, all variables set by the PHP program are retrieved from a file associated with the ID.

Many content management systems (CMS) use the session ID to store information about visitors, including items left in the cart, login tokens, and pages visited. A CMS can store session files in a specific location or rely on PHP's default locations. In Magento 2, for example, one can use the location set in PHP by the “session.save_path” configuration, or a location in the document root under the “var/session” directory.

It is important to note that sessions are intended to be temporary storage, not to save data long term. If you need long-term storage, a database such as MySQL should be used to store the data. The recommended storage life for a session, set by “session.gc_maxlifetime,” is 24 minutes since it was last accessed. In other words, a session will be deleted if the visitor has not visited the site in 24 minutes.

What happens to the session files?

Old session files are deleted by PHP through a garbage collection process, which runs at random when visitors access the site. PHP has two settings that control how likely it is that garbage collection will run: “session.gc_probability” and “session.gc_divisor.” The recommended production values for these are 1 and 1000 respectively, which means there is a one in one thousand chance that garbage collection will run when a visitor accesses the site. When garbage collection runs, PHP will go through the directory of session files and delete any sessions older than the defined max lifetime.

As the clean up process runs when a visitor accesses the site, we recommend following the production values set by PHP in order to avoid having too many sessions in a folder. PHP’s garbage collection checks the last accessed time for every session file, which can take a considerable amount of time if the session path contains too many sessions.

How does cPanel handle sessions?

In the configuration which cPanel provides for PHP, session files are stored in one location and garbage collection is never run. Instead, cPanel has a custom script (/usr/local/cpanel/scripts/clean_user_php_sessions) which runs every 30 minutes. This system works well for CMS and PHP sites which store session files in the “session.save_path” location, but causes many issues with CMSs which specify a custom location. Magento 1, for example, always stores session files in the document root under “var/session,” which results in session files continuing to build up until the site has reached quota or the server runs out of space.
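
One way to keep a custom session directory such as Magento 1's “var/session” from filling up is a scheduled cleanup that applies the same 24-minute lifetime. This is an added example, not cPanel's script or code from the original page; the function name `clean_sessions` and its arguments are hypothetical, and it assumes a `find` that supports `-maxdepth`, `-mmin` and `-delete`.

```shell
#!/bin/sh
# Added example: prune stale PHP session files from a custom save path.
# clean_sessions is a hypothetical helper, not cPanel's clean_user_php_sessions.
# Usage: clean_sessions /absolute/path/to/var/session [minutes] [--dry-run]
clean_sessions() {
    dir=$1
    max_age_min=${2:-24}   # the 24-minute session.gc_maxlifetime from the text
    dry_run=${3:-}

    # Only accept an absolute, existing, non-symlinked directory so a typo
    # or a planted symlink cannot point the cleanup somewhere else.
    case $dir in
        /*) ;;
        *) echo "clean_sessions: absolute path required" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "clean_sessions: $dir is not a real directory" >&2; return 2
    fi
    # The age must be a whole number of minutes.
    case $max_age_min in
        ''|*[!0-9]*) echo "clean_sessions: bad age '$max_age_min'" >&2; return 2 ;;
    esac

    # -maxdepth 1: stay in this directory; -type f: regular files only;
    # sess_*: the name PHP's file handler gives session files;
    # -mmin +N: last modified more than N minutes ago.
    # (-maxdepth, -mmin and -delete are GNU/BSD find extensions.)
    set -- "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin +"$max_age_min" -print
    [ "$dry_run" = "--dry-run" ] || set -- "$@" -delete
    find "$@"
}
```

Run it from the account's cron, first with `--dry-run` to confirm which files it would remove.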

So what?

Analyzing your session data can tell you what kinds of products your customers want, and may give you clues as to how to increase your number of sales. The key to your success may lie in PHP!
