PHP 8.3.4 Released!

Sessions support

Memcached provides a custom session handler that can be used to store user sessions in memcache. A completely separate memcached instance is used for that internally, so you can use a different server pool if necessary. The session keys are stored under the prefix memc.sess.key., so be aware of this if you use the same server pool for sessions and generic caching.

session.save_handler string

Set to memcached to enable sessions support.

session.save_path string

Defines a comma separated of hostname:port entries to use for session server pool, for example "sess1:11211, sess2:11211".

add a note

User Contributed Notes 12 notes

up
76
nfoo at naver dot com
13 years ago
If you want to use 'memcacheD' extention not 'memcache' (there are two diffrent extentions) for session control, you should pay attention to modify php.ini

Most web resource from google is based on memcache because It's earlier version than memcacheD. They will say as following

session.save_handler = memcache
session.save_path = "tcp://localhost:11211"

But it's not valid when it comes to memcacheD

you should modify php.ini like that

session.save_handler = memcached
session.save_path = "localhost:11211"

Look, there is no protocol indentifier
up
17
richard at fussenegger dot info
10 years ago
The documentation is not complete, you can also pass the weight of each server and you can use sockets if you want. In your PHP ini:

<?php

// Sockets with weight in the format socket_path:port:weight
session.save_path = "/path/to/socket:0:42"

// Or more than one so that weight makes sense?
session.save_path = "/path/to/socket_x:0:42,/path/to/socket_y:0:666"

?>

And if you should ever want to access these servers in PHP:

<?php

$servers
= explode(",", ini_get("session.save_path"));
$c = count($servers);
for (
$i = 0; $i < $c; ++$i) {
$servers[$i] = explode(":", $servers[$i]);
}
$memcached = new \Memcached();
call_user_func_array([ $memcached, "addServers" ], $servers);
print_r($memcached->getAllKeys());

?>
up
12
Ian Maddox
9 years ago
If you are setting data to the session and it immediately disappears and you aren't getting any warnings in your PHP error log, it's probably because your sessions expired sometime in the 1970s.

Somewhere between memcached 1.0.2 and 2.1.0, the memcached session handler became sensitive to the 30-day TTL gotcha (aka "transparent failover"). If your session.gc_maxlifetime is greater than 2592000 (30 days), the value is treated as a unix timestamp instead of a relative seconds count.

This issue is likely to impact anyone with long-running sessions who is upgrading from Ubuntu 12.04 to 14.04.
up
19
taubers at gmail dot com
11 years ago
If you are using the memcache class for session handling your key is the PHP session ID. This is different than when using the memcached class.

Example with memcache:
GET nphu2u8eo5niltfgdbc33ajb62

Example with memcached:
GET memc.sess.key.nphu2u8eo5niltfgdbc33ajb62

For memcached, the prefix is set in the config:
memcached.sess_prefix = "memc.sess.key."
up
3
madalin at mgiworx dot co dot uk
8 years ago
short mention: Memcached has authentication support.
up
2
velazcomtz dot miguel at gmail dot com
5 years ago
Is important to address that memcached is not concurrent just as regular PHP sessions.

If you have two tabs and one of them takes too long to respond and try to log out on the second, the memcached server won't respond.
up
5
Andrei Darashenka
14 years ago
This extension supports Session-locking!

by default
MEMC_SESS_LOCK_ATTEMPTS 30
MEMC_SESS_LOCK_WAIT 100000
MEMC_SESS_LOCK_EXPIRATION 30
up
2
benoit dot delmotte at gmail dot com
6 years ago
in case of multiples memcached servers,
the separator is a semicolon ( ; ) not a comma as written

example:
session.save_path = "sess1:11211; sess2:11211"
up
1
atesin > gmail
3 years ago
memcached is great, is lightning fast, very versatile and useful, scalable, and is a must have for many projects

but if you only want speed to minimize session file blocking there is also a good alternative, tmpfs

https://eddmann.com/posts/storing-php-sessions-file-caches-in-memory-using-tmpfs/

maybe if you are in debian you already had session directory in tmp (mounted as tmpfs), but beware of daily cleaning process that can mess up your sessions

you can use this trick if you are in centos/other (like me) or even if you are in debian but want to get ride of /tmp cleaning task

i realized in my system /run is also mounted as tmpfs, so i shut php-fpm down, moved my php session dir to /tmp/, reconfigure php and start again... (you can adapt it to your situation)

systemctl stop php-fpm
cp -a /var/lib/php/session /tmp/php-session
vim /etc/php-fpm-d/www.conf
------
php_value[session.save_path] = /run/php-session
------
systemctl start php-fpm

the only drawback is tmpfs is VOLATILE, just like memcached (data is lost on unmount/shutdown/power fail), to circumvent this risk i wrote another service that restores/backup php session dir before/after php starts/stops... (UNTESTED!)

vim /etc/systemd/system/php-session-backup.service
------
# basic persistence for tmpfs php sessions

[Unit]
Description=PHP tmpfs sessions backup/restore on shutdown/boot
Before=php-fpm.service

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=rm -fr /run/php-session
ExecStart=cp -fa /var/lib/php/session /run/php-session
ExecStop=rm -fr /var/lib/php/session
ExecStop=cp -fa /run/php-session /var/lib/php/session

[Install]
WantedBy=multi-user.target
------
systemctl enable php-session-backup

you can also complement this with a daily backup task in case of system crash so you will lose just one day

crontab -e
------
0 4 * * * rm -fr /var/lib/php/session;cp -fa /run/php-session /var/lib/php/session
------

this is very rough though, you can better use inotify + rsync, could take some ideas from here

https://blog.jmdawson.co.uk/persistent-ramdisk-on-debain-ubuntu/
up
0
atesin > gmail
3 years ago
moderator please merge these posts

an errata to my comment done on 2020-07-28 01:06 about tmpfs session dir...

the tmpfs directory i used to install session files is "/run" not "/tmp"... as /tmp is auto (or manual) deleted sometimes
up
-8
sstratton at php dot net
12 years ago
While the previous poster has a point that Memcached can and will cleanup to make room for it's keys, the likelihood of active sessions (due to the likelihood that they will be written to again within 30 seconds) is fairly low provided you have your memory allocation properly alloted.
up
-44
me at nileshgr dot com
9 years ago
It seems a few people think saving sessions in memcache is more secure compared to saving in file-system (/tmp) especially when the discussion is about shared hosting.

This is not true. memcache has NO authentication; everybody & anybody can read session.save_path (which will contain the memcached daemon address).

FastCGI (PHP-FPM) is much much better when you're considering security and shared hosting.

If you want to share sessions across multiple servers transparently without having headaches of adding custom handlers, you can use NFS or something similar.
To Top