Transparent Session Management with Sessionz

Transcript

1. Transparent Session Management with Sessionz Nomad PHP – January 2017

2. WP Session Manager • WordPress lacks built-in session support •

   I proposed a patch in 2012 that added a new object • It was … pretty awful

3. Refactoring the Bitrot • Everything was stored in the WordPress

   options table • Cleanup jobs would often time out or hang entirely, filling the DB • Large sites were stalling due to the load • There had to be a better way • Why not use SessionHandlerInterface?

4. Server Middleware

5. Sessionz – How it works • Applications define multiple "handlers"

   for session data • Reading a session travels down the "stack" until it finds data • Found data is written back to each layer on the way back up • Writing session data travels down every layer to the bottom • Each layer can manipulate data on the way • Everything is transparent to the application

6. Sessionz – How it works use \EAMann\Sessionz; use \EAMann\Sessionz\Handlers; require

   __DIR__ . '/vendor/autoload.php'; Manager::initialize() ->addHandler( new DefaultHandler() ) ->addHandler( new EncryptionHandler( getenv('session_passkey') ) ) ->addHandler( new MemoryHandler() ); session_start();

7. Sessionz – How it works • Under the hood, Sessionz

   manages 5 SplStack instances • One each for every mechanism in the SessionHandlerInterface • Adding new handlers populates each stack with its appropriate callback • Standard session calls (reading/writing $_SESSION) invoke Sessionz and traverse the stack

8. Sessionz – Extensions • Custom handlers must implement the Handler

   interface • Pass-thru handlers (crypto, logging, etc) can use a NoopHandler • Handlers look like basic Session handlers, but add a $next parameter • Each handler does its job, then defers to the callable $next to pass control down the stack

9. Sessionz –The Future • First, rewrite WP Session Manager •

   Next, build a collection of additional handlers • Finally, encourage adoption

10. Open Source • Available on GitHub - https://github.com/ericmann/sessionz • Tested

    with TravisCI - https://travis-ci.org/ericmann/sessionz • Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

11. Thank you! Eric Mann - @ericmann – ttmm.io - tozny.com