ProjeQtOr free project management software - PHP Session Locking - ProjeQtOr

PHP Session Locking

04 Jan 2021 11:28 #1 by bbalet
PHP Session Locking was created by bbalet
Hi,

When analyzing profiling files, I've noticed that session_start is very slow (left picture). By switching from files to redis the time spent by session_start becomes insignificant (right picture). But the drawback is that Redis doesn't have any lock capabilities (compared to files/memcached).

https://ibb.co/LZy2VDZ

I've noticed that:
  • An ajax query is regularly invoked to save data to session.
  • There is a lot of data stored in the session.
  • Data is stored into session from many places in the code, so it prevents using the good practice below:

    session_start();
    $_SESSION['user'] = "Me ";
    session_write_close(); // close write capability

I have some questions:
  • Do you consider that it is too risky to use Redis? If a race condition occurs, can the data stored into session cause a security problem?
  • Is there a way to move all the code that writes data to session in a way that only the script SaveDataToSession.php is used for this purpose?

04 Jan 2021 16:27 #2 by babynus
Replied by babynus on topic PHP Session Locking

Do you consider that it is too risky to use Redis? If a race condition occurs, can the data stored into session cause a security problem?

I don't really know Redis and its constraints.
But I don't think it could be less secure than file storing.
I don't think that so strategic data are stored in session as to cause a security problem with incorrect concurrency storing in session.

Is there a way to move all the code that writes data to session in a way that only the script SaveDataToSession.php is used for this purpose?

Well, no, not in a single script.
But session values are all stored using setSessionValue() PHP function, so possibly something can be done here.

Babynus
Administrator of ProjeQtOr web site
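
The reply above suggests that a single write function is the place to act. As an added example (not ProjeQtOr code; `readSessionValue()` and `writeSessionValue()` are hypothetical names and say nothing about the real `setSessionValue()`), this is the short open/write/close pattern from the first post applied at one such choke point:

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the names are assumptions made for this example.

/** Read one value without keeping the session open for the whole request. */
function readSessionValue(string $key, $default = null)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // read_and_close loads $_SESSION and releases the handler (and any
        // lock it holds) at once; later changes to $_SESSION are not saved.
        session_start(['read_and_close' => true]);
    }
    return $_SESSION[$key] ?? $default;
}

/** Change one key inside the shortest possible open/close window. */
function writeSessionValue(string $key, $value): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION[$key] = $value;   // caller already holds the session open
        return;
    }
    if (headers_sent()) {
        // With cookie-based sessions, session_start() cannot reopen the
        // session once output has begun, so fail loudly instead of
        // silently dropping the write.
        throw new RuntimeException("session write for '$key' attempted after output");
    }
    // Reopening re-reads the stored session, so this request merges its one
    // key into the current data instead of writing back a stale full copy.
    session_start();
    $_SESSION[$key] = $value;
    session_write_close();          // persist and release immediately
}
```

With a locking handler this makes each write a short critical section; with a handler that does not lock, the read-modify-write is still not atomic, so two requests can overwrite each other's keys, only within a much smaller window.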
