Transparent Session Management with Sessionz

Eric Mann
January 20, 2017

Sessionz is a new PHP library that adds a custom session manager to your application. On top of this custom manager, you can mix any number of specific handlers into a stack to deal with your data:

- Write sessions out to the default, filesystem-based session store.
- Cache session data in-memory for faster reads (and faster performance).
- Encrypt stored data so it’s protected at rest.
- Synchronize data to an external storage system so multiple application servers can reference it.

In this lightning talk I’ll cover what Sessionz is (how it handles sessions transparently within your application), how it works (the SplStack implementation of callback handlers), and how you can extend it with your own custom handlers.


Transcript

  1. Transparent Session Management with Sessionz
     Nomad PHP – January 2017

  2. WP Session Manager
     - WordPress lacks built-in session support
     - I proposed a patch in 2012 that added a new object
     - It was … pretty awful

  3. Refactoring the Bitrot
     - Everything was stored in the WordPress options table
     - Cleanup jobs would often time out or hang entirely, filling the DB
     - Large sites were stalling due to the load
     - There had to be a better way
     - Why not use SessionHandlerInterface?

  4. Server Middleware

  5. Sessionz – How it works
     - Applications define multiple "handlers" for session data
     - Reading a session travels down the "stack" until it finds data
     - Found data is written back to each layer on the way back up
     - Writing session data travels down every layer to the bottom
     - Each layer can manipulate data on the way
     - Everything is transparent to the application

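  6. Sessionz – How it works

        use EAMann\Sessionz\Manager;
        use EAMann\Sessionz\Handlers\DefaultHandler;
        use EAMann\Sessionz\Handlers\EncryptionHandler;
        use EAMann\Sessionz\Handlers\MemoryHandler;

        require __DIR__ . '/vendor/autoload.php';

        // Register the handler stack, then start the session as usual.
        Manager::initialize()
            ->addHandler( new DefaultHandler() )
            ->addHandler( new EncryptionHandler( getenv('session_passkey') ) )
            ->addHandler( new MemoryHandler() );

        session_start();
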
  7. Sessionz – How it works
     - Under the hood, Sessionz manages 5 SplStack instances
     - One each for every mechanism in the SessionHandlerInterface
     - Adding new handlers populates each stack with its appropriate callback
     - Standard session calls (reading/writing $_SESSION) invoke Sessionz and traverse the stack

  8. Sessionz – Extensions
     - Custom handlers must implement the Handler interface
     - Pass-thru handlers (crypto, logging, etc) can use a NoopHandler
     - Handlers look like basic Session handlers, but add a $next parameter
     - Each handler does its job, then defers to the callable $next to pass control down the stack

  9. Sessionz – The Future
     - First, rewrite WP Session Manager
     - Next, build a collection of additional handlers
     - Finally, encourage adoption

  10. Open Source
     - Available on GitHub - https://github.com/ericmann/sessionz
     - Tested with TravisCI - https://travis-ci.org/ericmann/sessionz
     - Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

  11. Thank you! Eric Mann - @ericmann – ttmm.io - tozny.com
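
The traversal described in slides 5 to 8, as an added stand-alone PHP model (not code from the talk or from Sessionz itself): a read stops at the first layer holding data and is written back on the way up, a write passes through every layer, and the crypto layer ensures the bottom store only receives ciphertext while the in-memory layer above it holds plaintext. The classes `MemoryLayer`, `CryptoLayer`, `StoreLayer` and the helper `chain()` are hypothetical names; PHP 8 with the sodium extension is assumed.

```php
<?php
// Added illustration, not Sessionz source: layer classes and chain() are hypothetical.
final class MemoryLayer {                       // top: per-process plaintext cache
    public array $cache = [];
    public function read(string $id, callable $next): string {
        if (isset($this->cache[$id])) return $this->cache[$id]; // hit: stop descending
        $data = $next($id);                                     // miss: ask the layer below
        if ($data !== '') $this->cache[$id] = $data;            // write back on the way up
        return $data;
    }
    public function write(string $id, string $data, callable $next): bool {
        $this->cache[$id] = $data;
        return $next($id, $data);                               // writes always continue down
    }
}
final class CryptoLayer {                       // middle: pass-through that transforms data
    public function __construct(private string $key) {}
    public function read(string $id, callable $next): string {
        $raw = base64_decode($next($id), true);
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        if ($raw === false || strlen($raw) <= $n) return '';    // nothing stored or malformed
        $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $this->key);
        return $plain === false ? '' : $plain;                  // failed auth: empty session
    }
    public function write(string $id, string $data, callable $next): bool {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $next($id, base64_encode($nonce . sodium_crypto_secretbox($data, $nonce, $this->key)));
    }
}
final class StoreLayer {                        // bottom: stands in for files or a database
    public array $rows = [];
    public function read(string $id, callable $next): string { return $this->rows[$id] ?? ''; }
    public function write(string $id, string $data, callable $next): bool { $this->rows[$id] = $data; return true; }
}
// Fold the layers (listed top to bottom) into one callable per operation.
function chain(array $layers, string $op): callable {
    $next = fn() => $op === 'read' ? '' : true;                 // terminator under the bottom layer
    foreach (array_reverse($layers) as $layer) {
        $next = fn(...$args) => $layer->$op(...array_merge($args, [$next]));
    }
    return $next;
}
$mem = new MemoryLayer(); $store = new StoreLayer();
$layers = [$mem, new CryptoLayer(sodium_crypto_secretbox_keygen()), $store];
chain($layers, 'write')('abc', 'user|i:42;');                   // constructed session payload
$mem->cache = [];                                               // simulate a fresh request
var_dump(chain($layers, 'read')('abc'), isset($mem->cache['abc']), $store->rows['abc']);
```

Moving `CryptoLayer` above `MemoryLayer` in the array would make the cache hold ciphertext as well, at the cost of decrypting on every read.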