10

I'm making a php web application which stores user specific information that is not shared with other users.

Would it be a good idea to store some of this information in the $_SESSION variable for caching? For example: cache a list of categories the user has created for their account.

ScottMcGready
  • 1,556
  • 2
  • 21
  • 33
menko
  • 332
  • 4
  • 12

3 Answers3

13

This would be an appropriate use of the session mechanism as long as you keep this in mind:

  • Session does not persist for an indefinite amount of time.
  • When pulling from session, ensure you actually got a result (ASP.NET will return NULL if the Session has expired/cleared)
  • Server restarts may wipe the session cache.
  • Do this for convenience, not performance. For high-performance caching, choose an appropriate mechanism (i.e. memcached)

A good usage pattern would be like this (ether cookies or session):

  • User logs in
  • Store preferences (background color, last 10 records looked at, categories) in session/cookie.
  • On rendering of a page, refer to the Session/Cookie values (ensuring they are valid values and not null).

Things not to do in a cookie

  • Don't store anything sensitive (use session).
  • A cookie value should not grant/deny you access to anything (use session).
  • Trap errors, assume flags and strings may not be what you expect, may be missing, may be changed in transit.

I'm sure there is other things to consider too, but this is just off the top of my head here.

Bryan Rehbein
  • 9,445
  • 3
  • 35
  • 41
  • I read somewhere that memcached was not worth it for lower overhead data retrieval. Is it faster than using the session? – menko Dec 11 '08 at 23:34
  • memcached is where you are storing bits and pieces of information so you don't have to keep hitting a data store. This is for very high traffic websites and one of the things you start implementing after you have expanded out your app and db servers. – Bryan Rehbein Dec 12 '08 at 00:16
  • memcached is much faster than a database, but still slower than file-based $_SESSION access because you have to make network requests instead of accessing the local disk. The reason to use it instead is for consistency across multiple servers. – Kevin Borders Nov 11 '13 at 16:07
4

That could work well for relatively small amounts of data but you'll have to take some things into consideration:

  1. $_SESSION is stored somewhere between requests, file on disk or database or something else depending on what you choose to use (default to file)
  2. $_SESSION is local to a single user on a single machine.
  3. sessions have a TTL (time to live), they dissapear after a set amount of time (which you control)
  4. Under certain circumstances, sessions can block (rarely an issue, but i've run into it streaming flash) If the data you mean to cache is to be accessed by multiple users you're quickly better off caching it seperately.
Kris
  • 36,072
  • 8
  • 69
  • 94
2

If you only want this data available during their session, then yes. If you want it available tomorrow, or 4 hours from now, you need to save it to a database.

Technically you can modify the sessions to have a very long lifespan, but realize if they use a different computer, a different browser or flush their cookies they will loose the link to their session, therefore anything serious you should create a type of user account in your application, link the session to their account and save the data in a permeate place.

TravisO
  • 9,062
  • 3
  • 33
  • 44