Slide 1

Slide 1 text

Transparent Session Management with Sessionz
Nomad PHP – January 2017

Slide 2

Slide 2 text

WP Session Manager
• WordPress lacks built-in session support
• I proposed a patch in 2012 that added a new object
• It was … pretty awful

Slide 3

Slide 3 text

Refactoring the Bitrot
• Everything was stored in the WordPress options table
• Cleanup jobs would often time out or hang entirely, filling the DB
• Large sites were stalling due to the load
• There had to be a better way
• Why not use SessionHandlerInterface?

Slide 4

Slide 4 text

Server Middleware

Slide 5

Slide 5 text

Sessionz – How it works
• Applications define multiple "handlers" for session data
• Reading a session travels down the "stack" until it finds data
• Found data is written back to each layer on the way back up
• Writing session data travels down every layer to the bottom
• Each layer can manipulate data on the way
• Everything is transparent to the application

Slide 6

Slide 6 text

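Sessionz – How it works

    use EAMann\Sessionz\Manager;
    use EAMann\Sessionz\Handlers\DefaultHandler;
    use EAMann\Sessionz\Handlers\EncryptionHandler;
    use EAMann\Sessionz\Handlers\MemoryHandler;

    require __DIR__ . '/vendor/autoload.php';

    // Register the handler stack before starting the session.
    // The encryption passkey is read from the environment, not from source.
    Manager::initialize()
        ->addHandler( new DefaultHandler() )
        ->addHandler( new EncryptionHandler( getenv('session_passkey') ) )
        ->addHandler( new MemoryHandler() );

    session_start();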

Slide 7

Slide 7 text

Sessionz – How it works
• Under the hood, Sessionz manages 5 SplStack instances
• One each for every mechanism in the SessionHandlerInterface
• Adding new handlers populates each stack with its appropriate callback
• Standard session calls (reading/writing $_SESSION) invoke Sessionz and traverse the stack

Slide 8

Slide 8 text

Sessionz – Extensions
• Custom handlers must implement the Handler interface
• Pass-thru handlers (crypto, logging, etc) can use a NoopHandler
• Handlers look like basic Session handlers, but add a $next parameter
• Each handler does its job, then defers to the callable $next to pass control down the stack
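
A simplified model of the layered read/write flow from the "How it works" and "Extensions" slides, added here as an illustration; it is not code from the deck or from Sessionz. The layer arrays, the compose() helper, the session ID and the payload are hypothetical, and it assumes PHP 7.2+ with the sodium extension.

```php
<?php
// Added illustration: a simplified model, not Sessionz's own classes.
const NONCE = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
$key   = sodium_crypto_secretbox_keygen(); // constructed demo key
$cache = [];                               // top layer: in-memory plaintext copy
$store = [];                               // bottom layer: stands in for disk or a DB

$memory = [
    'read' => function (string $id, callable $next) use (&$cache): string {
        if (isset($cache[$id])) return $cache[$id];   // found: stop travelling down
        $data = $next($id);
        if ($data !== '') $cache[$id] = $data;        // written back on the way up
        return $data;
    },
    'write' => function (string $id, string $data, callable $next) use (&$cache): bool {
        $cache[$id] = $data;
        return $next($id, $data);                     // writes always reach the bottom
    },
];
$encryption = [
    'read' => function (string $id, callable $next) use ($key): string {
        $bin = base64_decode($next($id), true);
        if ($bin === false || strlen($bin) < NONCE + SODIUM_CRYPTO_SECRETBOX_MACBYTES) return '';
        $plain = sodium_crypto_secretbox_open(substr($bin, NONCE), substr($bin, 0, NONCE), $key);
        return $plain === false ? '' : $plain;        // failed authentication: empty session
    },
    'write' => function (string $id, string $data, callable $next) use ($key): bool {
        $nonce = random_bytes(NONCE);
        return $next($id, base64_encode($nonce . sodium_crypto_secretbox($data, $nonce, $key)));
    },
];
$readBottom  = function (string $id) use (&$store): string { return $store[$id] ?? ''; };
$writeBottom = function (string $id, string $data) use (&$store): bool { $store[$id] = $data; return true; };

// Wrap layers bottom-up so the first listed layer runs first and receives $next.
function compose(array $layers, string $op, callable $bottom): callable {
    foreach (array_reverse($layers) as $layer) {
        $handler = $layer[$op];
        $below   = $bottom;
        $bottom  = function (...$args) use ($handler, $below) { $args[] = $below; return $handler(...$args); };
    }
    return $bottom;
}
$write = compose([$memory, $encryption], 'write', $writeBottom);
$read  = compose([$memory, $encryption], 'read', $readBottom);

$write('abc123', 'user_id|i:42;');                 // constructed session ID and payload
echo "store holds plaintext: ", var_export(strpos($store['abc123'], 'user_id') !== false, true), "\n";
$cache = [];                                       // simulate a fresh request
echo "read after cache miss: ", $read('abc123'), "\n";
$store['abc123'][30] = $store['abc123'][30] === 'A' ? 'B' : 'A';  // tamper with stored ciphertext
$cache = [];
echo "read after tampering:  ", var_export($read('abc123'), true), "\n";
```

In this model the bottom store only ever receives authenticated ciphertext, while any layer placed above the encryption layer holds plaintext, so the position of a layer decides what it can see.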

Slide 9

Slide 9 text

Sessionz – The Future
• First, rewrite WP Session Manager
• Next, build a collection of additional handlers
• Finally, encourage adoption

Slide 10

Slide 10 text

Open Source
• Available on GitHub - https://github.com/ericmann/sessionz
• Tested with TravisCI - https://travis-ci.org/ericmann/sessionz
• Packagist-Hosted - https://packagist.org/packages/ericmann/sessionz

Slide 11

Slide 11 text

Thank you!
Eric Mann - @ericmann - ttmm.io - tozny.com