-
Notifications
You must be signed in to change notification settings - Fork 62
Support PHP7's read_and_close #39
Comments
This is really useful, especially if you use CQRS. |
I'm not sure however who to ping at this point. Who are the core contributors to this repo? |
Any response on this would be welcome! |
@weierophinney can you take a (quick) look at this? |
I think your plan only deals with the first part of the story. Using "read_and_close" is the equivalent of calling However, the interesting part would be outside of this module: How would a software detect that it does not need to write back to the session? And why would this decision be transmitted as a configuration flag into the |
I guess that's only done by convention. GET requests only read, other requests like POST/PATCH read/write. |
Some clarification: I thought I needed this piece of functionality. But turns out it doesn't solve what I was hoping for. Thus I have no real use case anymore! Is there anybody that does need this? Otherwise I could simply close. |
I think at a minimum, SessionManager->start should accept an option to enable read_and_close. I don't think the module itself can make the decision on when to use read_and_close and when not to use it. Ideally people would use GET and POST/PATCH correctly and GET would never have any side affects, but in reality it probably will. Its best to leave that determination up to the application. |
@roelvanduijnhoven a simple use case where the the read_and_close behaviour is extremely useful is a situation with multiple simultaneous AJAX requests, each starting a session - if these AJAX requests don't need to write to the session (but still need to read from it), each of those AJAX requests will be blocking the session file (in my case, for 2s), effectively rendering them synchronous (and furthermore, blocking the workers spool) |
@eithed I'd consider your suggestion a "case where you'd use it", but it is barely a use case in the light of the original request and it's plan. Detail a code situation where you'd have an application, which may allow for some requests to immediately close and release the session, and also consider the way you'd access the session data. Note: The last time I looked, the native PHP session itself was started implicitly by explicitly using a session container object. Prior to that, the session manager is configured by the general application settings regarding sessions, i.e. cookie name etc. This would make the original plan unfeasible: You cannot configure the session manager to immediately close the session because this info usually is only ever accessible after the routing has determined the controller and action. At this stage in a ZF application you usually do not configure the session manager anymore. Also, your controller will likely only get some models injected, which may internally use some instances of session containers, which will implicitly start the PHP session. It might be possible to instantiate these session containers in a "readonly" mode. However, they would still be used in a generic model use case, i.e. the model needs to know in advance if the controller is about to call methods which would write to the session or not. All in all, if you decide to use PHP sessions, you should know that this comes with a locking feature which will serialize parallel AJAX execution. The solution for this problem likely is to not use PHP sessions, but to use a storage that can be queried without locking. However, this immediately calls for some more code to prevent unintentionally overwriting the stored data. Event sourcing with append-only writing may be a solution - but this clearly is beyond the scope of this zend-session library. The other way to solve the problem is to call You'd have a use case if you can counter my arguments and detail a scenario which would allow to know that the session that still isn't started can be started with the |
@SvenRtbg I think my use case already presents a sensible situation and the effects - given three simultaneous requests, I've observed request times of 90ms, 2s and 4s, where each of the requests repeated singularly would end up finishing within 90ms. The problem was session locking which I've not thought of before. The requests in question were simple JSON returning requests, where session was required, but writing to it wasn't needed. (As a sidenote I failed to find a setting which would explain why was the session file locked for 2s in each of the requests, even though each of the scripts would finish in less than 2s) I don't understand what routing has to do with the issue - yes, some models may use sessions, or they may not - it is up to the application (and the creators) to determine if they want a writable session, or not - just like it was brought up by @datasage : usually GET requests will be read-only, while other than GET will require writing to the session (not always, but there are multiple ways to pass that information - via headers, request params, even url matching) I'm under the impression that I'd like to see this option, as it makes sense, as the support for it exists outside the wrapper. Yes, there are ways to emulate it, so there's no harm done if it's not there. |
Routing is involved because usually your application does not only provide URLs that read from the session. So based on which URL has been requested, some of them write to the session and others don't. This means that the application can only know if it is possible to Also I'd oppose the idea that GET requests will not write to the session. This method should behave idempotent, but this is only related to the server response, not necessarily to the server state itself. But beside that discussion, determining whether a request uses GET or another HTTP method still is the task of routing, and the result is not available before that. In other news, your session lock timing suspiciously looks like something waits for a timeout. Which session save handler are you using? I've only encountered this "useless waiting until the next full second" when using something different than |
@eithed Looking at the PHP source code, it is clear that |
Let's imagine a scenario, where presence of header: "Session: read-only" sets the session in aforementioned state. If routing was the only thing that can (or should) access headers, then I'd say that I can see and agree with the point you're making. I however think otherwise (are we getting in to personal preference territory?) I'm using memcache, and I actually found where the 2s come from - it's the timeout of the memcache connection. Still it doesn't explain why memcache is not notified about the release of the session, but manually closing the session (either with |
This repository has been closed and moved to laminas/laminas-session; a new issue has been opened at laminas/laminas-session#22. |
Since PHP7 it is possible to set the option
read_and_close
. See: `http://php.net/manual/en/migration70.new-features.php#migration70.new-features.session-optionsI use this library and want to enable this option. However it seems not to be supported yet. Would be willing to contribute. My plan is as follows.
StandardConfig
SessionManager::start
Before I start. Does repo owner agree on the necessity and plan?
The text was updated successfully, but these errors were encountered: