Geek Answers Handbook

Handling sessions without an ACID database?

I am thinking of using noSQL (mongoDB) paired with memcached to store sessions in my webapp. The idea is that each time the page is loaded, user data is compared with the data in memcache, and if something has changed, the data will be written to both memcached and mySQL. That way, reading will be greatly reduced, and memcached will be used to do what it does best.

However, I'm a little worried about using a non-ACID database to store the session, especially with the memcached level. Let them say that something went wrong, updating the session in the database, and our users got an instant headache, wondering why their product, which they put in the basket, is not displayed ...

What is the appropriate approach to this? Should we go to store mySQL sessions or is it fine to save an acid-free database for sessions?

Thanks!

+6
php mysql nosql session mongodb-php
source share
6 answers

If you do not want to lose your data, use files with ACID verification.

What kind of winnings are you looking for?

If you want a secure system, you cannot trust anything from the user, with the possible exception of the selected integers, so letting them store information is usually a very bad idea.

I do not see a gain for storing sessions outside your MySQL database. You can clean the cron on the tables if this is your concern, but why bother? Some users will shop on the site and then be distracted for a while. Then they will return in a day or two.

If you use cookies or something really temporary to store session information, there is a really good chance that your purchase time was wasted. Users really value their time ... therefore, if you saved session information in a database, you can write something sexy to manage that data.

In addition, a nice side effect of this is that you will create a lot of residual information about what you like on your website, which may not be available to you later. Just as you might even think it looked like a survey or something where people adding products to their shopping cart can influence how you manage your business, order inventory, or focus your marketing.

If you go with something really temporary, you lose the residual benefits.

+1
source share

I am using MongoDB as a session repository. You can avoid the race conditions mentioned by the pilgrim. I found a class that implements a session handler for MongoDB ( http://www.jqueryin.com/projects/mongo-session/ ) and forked it on github according to my needs ( http://github.com/halfdan/MongoSession )

+4
source share

Without any lock on the session, be very careful what you store. Never store anything that depends on what you read before, because the data can change between you and the read and write - especially in the case of ajax, when several requests can go out at once.

An example of what you should not store in an unblocked session would be a shopping basket, since to add a product you need to read, non-sterilize, add a product, and then serialize again. If any other request does the same between the first read and write requests, you lose the data of the second request.

Take a look at this article: http://thwartedefforts.org/2006/11/11/race-conditions-with-ajax-and-php-sessions/

Keep sessions in your file system (where PHP locks them for you), in your database (where you need to do manual locking) or never, never write anything useful for your session if this value is obtained from a previous read.

+1
source share

When using memcached as the cache for the database, the user must ensure data consistency between the database and the cache. If you want to scale and add more servers, there is a chance not to synchronize with the database, even if everything is fine.

Instead, you can consider Hazelcast . Starting with version 1.9, it also supports memcache protocol. Compared to memcached, Hazelcast wants you to implement Map Persister and only updates the database for updated records. Thus, you do not need to handle "check the cache if the data changes the update database."

+1
source share

If you are writing an application so that the user saves all client information about the session, then you simply check this information as necessary, you do not need to worry about server-side sessions. This is one of the principles of REST style architecture. For example, if a user requests to add an item to their shopping cart, simply save the itemID list and count on the client side. When you get to the cart page, you can easily find information about an item from the list of item identifiers that they say that you are in their cart.

During the check, go directly to the transaction database to make sure that you are not getting any race conditions and check your living resources. If there is no inventory when they go to check, just say: "Sorry, we just sold out." Of course, at this point you should update all the caches that you have that tell people that you have inventory.

+1
source share

I would look at how much a user should purchase, and then ask what the cost of implementing a really good system is. Keep in mind that users are a biological retry method. "I am bored ... press restart again ..." Although this is not the most perfect solution, it is sometimes acceptable to compare the costs of "nothing to lose - ever."

If you need extra security, you can cache your sessions on a separate set of memcache servers to prevent accidental crashes. :)

There are a number of other membase.org systems and some other permanent memcache solutions (java implementations) that will be stored on disk. If you want to change your client a bit or how you access memcache, you can make your own replication of memcache session objects.

-daniel

+1
source share

More articles:


All Articles