$30 off During Our Annual Pro Sale. View Details »

Transparent Session Management with Sessionz

Eric Mann
January 20, 2017
Technology
0
110

Transparent Session Management with Sessionz

Sessionz is a new PHP library that adds a custom session manager to your application. On top of this custom manager, you can mix any number of specific handlers into a stack to deal with your data:

- Write sessions out to the default, filesystem-based session store.
- Cache session data in-memory for faster reads (and faster performance).
- Encrypt stored data so it’s protected at rest.
- Synchronize data to an external storage system so multiple application servers can reference it.

In this lightning talk I’ll cover both what Sessionz is (how it handles sessions transparently within your application), how it works (the SplStack implementation of callback handlers), and how you can extend it with your own custom handlers.

Eric Mann

January 20, 2017
Tweet

More Decks by Eric Mann

See All by Eric Mann
Asynchronous Awesome
ericmann
0
77
WordPress, Meet AI
ericmann
0
24
Cooking with Credentials
ericmann
0
33
OWASP Top Ten in Review
ericmann
0
24
Monkeys in the Machine
ericmann
0
100
Asynchronous Awesome
ericmann
0
200
Evolution of PHP Security
ericmann
0
240
Web Application Security Update: Top Vulnerabilities
ericmann
0
100
Asynchronous Awesome
ericmann
0
75

Other Decks in Technology

See All in Technology
PKSHAでアルゴリズムを 社会実装する楽しみ
pkshadeck
1
170
ChatGPTとKarateで実現するシン・BDD / Realizing New BDD through ChatGPT and Karate
takanorig
0
110
APIシナリオテストツールとしてのrunn / 4 API testing tools
k1low
1
540
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
3.6k
AI Transformation に向けた Microsoft Copilot Stack と Data 戦略
dahatake
1
310
GPTsによるアシスタント業務の改善
neonankiti
3
370
231116 あつまれ入力デバイスの沼 Ryu.Cyberさん
comucal
PRO
0
230
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
0
2.3k
更新”しない”ドキュメント管理 「イミュータブルドキュメントモデル」の実運用
kosui
11
1.6k
Generative A.I. + Law - A Year in Review
danielkatz
PRO
0
470
AWS re:Invent 2023 わざわざ現地まで行く意味あるの?→ありました
minorun365
PRO
5
1.1k
reInvent2023のセキュリティまとめしてGuardDutyQとコストの話します
cmusudakeisuke
0
270

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
BBQ
matthewcrist
76
8.5k
Rails Girls Zürich Keynote
gr2m
90
12k
Web Components: a chance to create the future
zenorocha
304
41k
A designer walks into a library…
pauljervisheath
199
22k
How to Ace a Technical Interview
jacobian
272
22k
Making Projects Easy
brettharned
105
5.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.3k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
A Modern Web Designer's Workflow
chriscoyier
688
190k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
750
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k

Transcript

  1. Transparent Session
    Management with Sessionz
    Nomad PHP – January 2017

    View Slide

  2. WP Session Manager
    • WordPress lacks built-in session support
    • I proposed a patch in 2012 that added a new object
    • It was … pretty awful

    View Slide

  3. Refactoring the Bitrot
    • Everything was stored in the WordPress options table
    • Cleanup jobs would often time out or hang entirely, filling the DB
    • Large sites were stalling due to the load
    • There had to be a better way
    • Why not use SessionHandlerInterface?

    View Slide

  4. Server Middleware

    View Slide

  5. Sessionz – How it works
    • Applications define multiple "handlers" for session data
    • Reading a session travels down the "stack" until it finds data
    • Found data is written back to each layer on the way back up
    • Writing session data travels down every layer to the bottom
    • Each layer can manipulate data on the way
    • Everything is transparent to the application

    View Slide

  6. Sessionz – How it works
    use \EAMann\Sessionz;
    use \EAMann\Sessionz\Handlers;
    require __DIR__ . '/vendor/autoload.php';
    Manager::initialize()
    ->addHandler( new DefaultHandler() )
    ->addHandler( new EncryptionHandler( getenv('session_passkey') ) )
    ->addHandler( new MemoryHandler() );
    session_start();

    View Slide

  7. Sessionz – How it works
    • Under the hood, Sessionz manages 5 SplStack instances
    • One each for every mechanism in the SessionHandlerInterface
    • Adding new handlers populates each stack with its appropriate callback
    • Standard session calls (reading/writing $_SESSION) invoke Sessionz and
    traverse the stack

    View Slide

  8. Sessionz – Extensions
    • Custom handlers must implement the Handler interface
    • Pass-thru handlers (crypto, logging, etc) can use a NoopHandler
    • Handlers look like basic Session handlers, but add a $next parameter
    • Each handler does its job, then defers to the callable $next to pass control
    down the stack

    View Slide

  9. Sessionz –The Future
    • First, rewrite WP Session Manager
    • Next, build a collection of additional handlers
    • Finally, encourage adoption

    View Slide

  10. Open Source
    • Available on GitHub - https://github.com/ericmann/sessionz
    • Tested with TravisCI - https://travis-ci.org/ericmann/sessionz
    • Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

    View Slide

  11. Thank you!
    Eric Mann - @ericmann – ttmm.io - tozny.com

    View Slide