Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Transparent Session Management with Sessionz

Eric Mann
January 20, 2017
Technology
0
93

Transparent Session Management with Sessionz

Sessionz is a new PHP library that adds a custom session manager to your application. On top of this custom manager, you can mix any number of specific handlers into a stack to deal with your data:

- Write sessions out to the default, filesystem-based session store.
- Cache session data in-memory for faster reads (and faster performance).
- Encrypt stored data so it’s protected at rest.
- Synchronize data to an external storage system so multiple application servers can reference it.

In this lightning talk I’ll cover both what Sessionz is (how it handles sessions transparently within your application), how it works (the SplStack implementation of callback handlers), and how you can extend it with your own custom handlers.

Eric Mann

January 20, 2017
Tweet

More Decks by Eric Mann

See All by Eric Mann
Asynchronous Awesome
ericmann
0
22
WordPress, Meet AI
ericmann
0
21
Cooking with Credentials
ericmann
0
25
OWASP Top Ten in Review
ericmann
0
18
Monkeys in the Machine
ericmann
0
90
Asynchronous Awesome
ericmann
0
180
Evolution of PHP Security
ericmann
0
210
Web Application Security Update: Top Vulnerabilities
ericmann
0
78
Asynchronous Awesome
ericmann
0
71

Other Decks in Technology

See All in Technology
Spring Boot 2 から 3 へバージョンアップしてみた
red_frasco
1
180
net/http/httptest.Server のアプローチをテスト戦略に活用する / Go Conference 2023
k1low
7
1.1k
Microsoft Startup Tech Meetup #0 : Kikuchi
hikiroku
1
130
microCMSのエンジニア組織と文化
microcms
0
580
金融系子会社でレガシーシステムしか作ったことないけど、モダン開発に挑戦してみた
marikashiotsuki
1
120
社内にアクセシビリティ改善を広める際に意識したこと
benevolent0505
0
190
よくわかるフォルシアのエンジニア 旅行プラットフォーム部編
forcia_dev_pr
0
210
何故、UseCaseは1メソッドなのか
okuzawats
2
400
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
26k
JUnitテストをCI環境で並列で実行する方法とその速度, スケーラビリティ
nabedge
4
270
安心して現場で学習できる環境として Flutter Web の管理サイトがおすすめな話
htsuruo
5
140
Blueskyの「今」がわかる!Bot
lamrongol
0
130

Featured

See All Featured
From Idea to $5000 a Month in 5 Months
shpigford
374
45k
Done Done
chrislema
178
15k
Fireside Chat
paigeccino
18
2.1k
For a Future-Friendly Web
brad_frost
166
8k
Become a Pro
speakerdeck
PRO
7
3.4k
Learning to Love Humans: Emotional Interface Design
aarron
264
38k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
How GitHub (no longer) Works
holman
299
140k
Product Roadmaps are Hard
iamctodd
39
8.2k
Mobile First: as difficult as doing things right
swwweet
213
8k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
8.4k
Navigating Team Friction
lara
177
12k

Transcript

  1. Transparent Session
    Management with Sessionz
    Nomad PHP – January 2017

    View Slide

  2. WP Session Manager
    • WordPress lacks built-in session support
    • I proposed a patch in 2012 that added a new object
    • It was … pretty awful

    View Slide

  3. Refactoring the Bitrot
    • Everything was stored in the WordPress options table
    • Cleanup jobs would often time out or hang entirely, filling the DB
    • Large sites were stalling due to the load
    • There had to be a better way
    • Why not use SessionHandlerInterface?

    View Slide

  4. Server Middleware

    View Slide

  5. Sessionz – How it works
    • Applications define multiple "handlers" for session data
    • Reading a session travels down the "stack" until it finds data
    • Found data is written back to each layer on the way back up
    • Writing session data travels down every layer to the bottom
    • Each layer can manipulate data on the way
    • Everything is transparent to the application

    View Slide

  6. Sessionz – How it works
    use \EAMann\Sessionz;
    use \EAMann\Sessionz\Handlers;
    require __DIR__ . '/vendor/autoload.php';
    Manager::initialize()
    ->addHandler( new DefaultHandler() )
    ->addHandler( new EncryptionHandler( getenv('session_passkey') ) )
    ->addHandler( new MemoryHandler() );
    session_start();

    View Slide

  7. Sessionz – How it works
    • Under the hood, Sessionz manages 5 SplStack instances
    • One each for every mechanism in the SessionHandlerInterface
    • Adding new handlers populates each stack with its appropriate callback
    • Standard session calls (reading/writing $_SESSION) invoke Sessionz and
    traverse the stack

    View Slide

  8. Sessionz – Extensions
    • Custom handlers must implement the Handler interface
    • Pass-thru handlers (crypto, logging, etc) can use a NoopHandler
    • Handlers look like basic Session handlers, but add a $next parameter
    • Each handler does its job, then defers to the callable $next to pass control
    down the stack

    View Slide

  9. Sessionz –The Future
    • First, rewrite WP Session Manager
    • Next, build a collection of additional handlers
    • Finally, encourage adoption

    View Slide

  10. Open Source
    • Available on GitHub - https://github.com/ericmann/sessionz
    • Tested with TravisCI - https://travis-ci.org/ericmann/sessionz
    • Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

    View Slide

  11. Thank you!
    Eric Mann - @ericmann – ttmm.io - tozny.com

    View Slide