Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Transparent Session Management with Sessionz

Eric Mann
January 20, 2017
Technology
0
120

Transparent Session Management with Sessionz

Sessionz is a new PHP library that adds a custom session manager to your application. On top of this custom manager, you can mix any number of specific handlers into a stack to deal with your data:

- Write sessions out to the default, filesystem-based session store.
- Cache session data in-memory for faster reads (and faster performance).
- Encrypt stored data so it’s protected at rest.
- Synchronize data to an external storage system so multiple application servers can reference it.

In this lightning talk I’ll cover both what Sessionz is (how it handles sessions transparently within your application), how it works (the SplStack implementation of callback handlers), and how you can extend it with your own custom handlers.

Eric Mann

January 20, 2017
Tweet

More Decks by Eric Mann

See All by Eric Mann
Asynchronous Awesome
ericmann
0
98
WordPress, Meet AI
ericmann
0
27
Cooking with Credentials
ericmann
0
36
OWASP Top Ten in Review
ericmann
0
25
Monkeys in the Machine
ericmann
0
120
Asynchronous Awesome
ericmann
0
230
Evolution of PHP Security
ericmann
0
280
Web Application Security Update: Top Vulnerabilities
ericmann
0
120
Asynchronous Awesome
ericmann
0
78

Other Decks in Technology

See All in Technology
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
270
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
2
370
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
200
日本におけるデータエンジニアリングのこれまでとこれから
foursue
16
4.2k
Databricks における 『MLOps』
databricksjapan
2
170
エンジニア候補者向け資料2024.04.24.pdf
macloud
0
3.3k
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
290
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
280
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
330
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
140
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
4
4.7k

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.5k
Side Projects
sachag
451
41k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Art, The Web, and Tiny UX
lynnandtonic
289
19k
GitHub's CSS Performance
jonrohan
1025
450k
Writing Fast Ruby
sferik
621
60k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
[RailsConf 2023] Rails as a piece of cake
palkan
23
3.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Six Lessons from altMBA
skipperchong
21
3k
Fireside Chat
paigeccino
21
2.6k

Transcript

  1. Transparent Session Management with Sessionz Nomad PHP – January 2017

  2. WP Session Manager • WordPress lacks built-in session support •

    I proposed a patch in 2012 that added a new object • It was … pretty awful

  3. Refactoring the Bitrot • Everything was stored in the WordPress

    options table • Cleanup jobs would often time out or hang entirely, filling the DB • Large sites were stalling due to the load • There had to be a better way • Why not use SessionHandlerInterface?

  4. Server Middleware

  5. Sessionz – How it works • Applications define multiple "handlers"

    for session data • Reading a session travels down the "stack" until it finds data • Found data is written back to each layer on the way back up • Writing session data travels down every layer to the bottom • Each layer can manipulate data on the way • Everything is transparent to the application

  6. Sessionz – How it works use \EAMann\Sessionz; use \EAMann\Sessionz\Handlers; require

    __DIR__ . '/vendor/autoload.php'; Manager::initialize() ->addHandler( new DefaultHandler() ) ->addHandler( new EncryptionHandler( getenv('session_passkey') ) ) ->addHandler( new MemoryHandler() ); session_start();

  7. Sessionz – How it works • Under the hood, Sessionz

    manages 5 SplStack instances • One each for every mechanism in the SessionHandlerInterface • Adding new handlers populates each stack with its appropriate callback • Standard session calls (reading/writing $_SESSION) invoke Sessionz and traverse the stack

  8. Sessionz – Extensions • Custom handlers must implement the Handler

    interface • Pass-thru handlers (crypto, logging, etc) can use a NoopHandler • Handlers look like basic Session handlers, but add a $next parameter • Each handler does its job, then defers to the callable $next to pass control down the stack

  9. Sessionz –The Future • First, rewrite WP Session Manager •

    Next, build a collection of additional handlers • Finally, encourage adoption

  10. Open Source • Available on GitHub - https://github.com/ericmann/sessionz • Tested

    with TravisCI - https://travis-ci.org/ericmann/sessionz • Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

  11. Thank you! Eric Mann - @ericmann – ttmm.io - tozny.com