Transparent Session Management with Sessionz

Eric Mann
January 20, 2017

Sessionz is a new PHP library that adds a custom session manager to your application. On top of this custom manager, you can mix any number of specific handlers into a stack to deal with your data:

- Write sessions out to the default, filesystem-based session store.
- Cache session data in-memory for faster reads (and faster performance).
- Encrypt stored data so it’s protected at rest.
- Synchronize data to an external storage system so multiple application servers can reference it.

In this lightning talk I’ll cover what Sessionz is (how it handles sessions transparently within your application), how it works (the SplStack implementation of callback handlers), and how you can extend it with your own custom handlers.

Transcript

  1. Transparent Session Management with Sessionz
    Nomad PHP – January 2017

  2. WP Session Manager
    • WordPress lacks built-in session support
    • I proposed a patch in 2012 that added a new object
    • It was … pretty awful

  3. Refactoring the Bitrot
    • Everything was stored in the WordPress options table
    • Cleanup jobs would often time out or hang entirely, filling the DB
    • Large sites were stalling due to the load
    • There had to be a better way
    • Why not use SessionHandlerInterface?

  4. Server Middleware

  5. Sessionz – How it works
    • Applications define multiple "handlers" for session data
    • Reading a session travels down the "stack" until it finds data
    • Found data is written back to each layer on the way back up
    • Writing session data travels down every layer to the bottom
    • Each layer can manipulate data on the way
    • Everything is transparent to the application

  6. Sessionz – How it works
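    // Import the manager and each handler class used below
    use EAMann\Sessionz\Manager;
    use EAMann\Sessionz\Handlers\DefaultHandler;
    use EAMann\Sessionz\Handlers\EncryptionHandler;
    use EAMann\Sessionz\Handlers\MemoryHandler;
    require __DIR__ . '/vendor/autoload.php';
    // Build the handler stack, then start the session as usual
    Manager::initialize()
        ->addHandler( new DefaultHandler() )
        ->addHandler( new EncryptionHandler( getenv('session_passkey') ) )
        ->addHandler( new MemoryHandler() );
    session_start();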

  7. Sessionz – How it works
    • Under the hood, Sessionz manages 5 SplStack instances
    • One each for every mechanism in the SessionHandlerInterface
    • Adding new handlers populates each stack with its appropriate callback
    • Standard session calls (reading/writing $_SESSION) invoke Sessionz and
    traverse the stack

  8. Sessionz – Extensions
    • Custom handlers must implement the Handler interface
    • Pass-thru handlers (crypto, logging, etc) can use a NoopHandler
    • Handlers look like basic Session handlers, but add a $next parameter
    • Each handler does its job, then defers to the callable $next to pass control
    down the stack

  9. Sessionz – The Future
    • First, rewrite WP Session Manager
    • Next, build a collection of additional handlers
    • Finally, encourage adoption

  10. Open Source
    • Available on GitHub - https://github.com/ericmann/sessionz
    • Tested with TravisCI - https://travis-ci.org/ericmann/sessionz
    • Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

  11. Thank you!
    Eric Mann - @ericmann – ttmm.io - tozny.com
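
The read and write traversal from slides 5 and 8, as an added PHP 8 sketch that is not Sessionz code: the `Layer` interface, the three classes and `compose()` are hypothetical, closures stand in for the library's SplStack instances, and libsodium's secretbox stands in for whatever cipher the real EncryptionHandler uses. It needs ext-sodium and runs from the command line.

```php
<?php // Added illustration (PHP 8 + ext-sodium). Layer and all classes are hypothetical, not Sessionz code.
interface Layer {
    public function read(string $id, callable $next): string;
    public function write(string $id, string $data, callable $next): bool;
}

final class MemoryLayer implements Layer {          // top: plaintext cache for one request
    private array $cache = [];
    // Cache miss: ask the layer below, then keep its answer on the way back up.
    public function read(string $id, callable $next): string { return $this->cache[$id] ??= $next($id); }
    public function write(string $id, string $data, callable $next): bool { $this->cache[$id] = $data; return $next($id, $data); }
}

final class CryptoLayer implements Layer {          // pass-through: transforms data, stores nothing
    public function __construct(private string $key) {}
    public function read(string $id, callable $next): string {
        $bin = base64_decode($next($id), true);
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        if ($bin === false || strlen($bin) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) return '';
        $plain = sodium_crypto_secretbox_open(substr($bin, $n), substr($bin, 0, $n), $this->key);
        return $plain === false ? '' : $plain;      // failed authentication reads as "no session"
    }
    public function write(string $id, string $data, callable $next): bool {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $next($id, base64_encode($nonce . sodium_crypto_secretbox($data, $nonce, $this->key)));
    }
}

final class ArrayStore implements Layer {           // bottom: stands in for files or a database
    public array $rows = [];
    public function read(string $id, callable $next): string { return $this->rows[$id] ?? ''; }
    public function write(string $id, string $data, callable $next): bool { $this->rows[$id] = $data; return true; }
}

// Fold layers (listed top first) into one callable; each layer's $next is the layer beneath it.
function compose(array $layers, string $op): callable {
    $next = fn() => $op === 'read' ? '' : true;     // beneath the bottom layer
    foreach (array_reverse($layers) as $layer) {
        $next = fn(...$args) => $layer->$op(...[...$args, $next]);  // captures the previous $next by value
    }
    return $next;
}

$store = new ArrayStore();
$key = sodium_crypto_secretbox_keygen();            // constructed demo key
$fresh = fn(string $op) => compose([new MemoryLayer(), new CryptoLayer($key), $store], $op); // new request, cold cache
$fresh('write')('s1', 'user|s:5:"alice";');         // constructed session payload
echo 'plaintext at rest: ', var_export(str_contains($store->rows['s1'], 'alice'), true), "\n";
echo 'cold read: ', $fresh('read')('s1'), "\n";
$store->rows['s1'][5] = $store->rows['s1'][5] === 'A' ? 'B' : 'A';   // tamper with the stored ciphertext
echo 'read after tampering: ', var_export($fresh('read')('s1'), true), "\n";
```

In this sketch the cache sits above the encryption layer, so plaintext stays in process memory and the bottom store only ever receives authenticated ciphertext.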
