PHP implements multi-server SESSION sharing

Why session sharing

Nowadays, slightly larger websites basically have several subdomains, such as www.feiniu.com, search.feiniu.com, member.feiniu.com. If these websites need to share user login information, then session sharing is required. Of course, the premise is that there is the same main domain.

PHP session principle

The client accesses the php page, executes session_start, and generates the session_id. Generally, we store the session_id in the cookie, and save the session content on the server. When the client accesses different pages, the session_id will be transmitted to the server, and the session content will be obtained through the session_id. .

The process is like this, but different servers will generate different session_id for the same client, so different servers cannot get the same session content. And PHP's default SESSION data are stored in the server's file system.

So if we want to solve session sharing, we must solve two problems :

1. Multiple servers use the same session_id

这个比较容易解决，只要在php中设置存session_id的cookie域名为网站主域就可以了
打开PHP.ini， 设置session.cookie_domain = .feiniu.com, 
当然也可以在php代码当中设置ini_set("session.cookie_domain","feiniu.com");

2. Multiple servers use the same session_id to access the same session content

要实现这点，就必须把session内容存储到让所有服务器都能访问到的地方，php的session内容是默认存储到本服务器的文件中的，一般的解决方案是存入数据库，memcache或者redis这种缓存服务器，当然用默认的文件存储方式也可以，用NFS统一存储。

如何修改session存储引擎，参考这篇文章：http://blog.csdn.net/yagas/article/details/7593415

3. How to choose a storage engine

Default file storage: This method of session destruction relies on the php garbage collector. In the case of high concurrency or long destruction time, a large number of files are generated in the SESSION directory. Of course, you can set a hierarchical directory to save the SESSION files. This will cause two problems: first, the file search is slow; second, the number of files that can be accommodated in each directory is limited, which may cause the new SESSION to fail to be stored.
Database storage: Storing the session in the database can prevent the session data from being deleted by the garbage collector, and can solidify the storage of the session data. However, using the database to synchronize the session will increase the IO of the database and increase the burden on the database. Moreover, the database read and write speed is slow, which is not conducive to the timely synchronization of sessions.
memcache storage:
- Synchronizing the session in this way will not increase the burden on the database, and the security is relatively high. Putting the session in the memory is much faster than reading from the file.
- However, memcache divides memory into storage blocks of various specifications, and there are blocks with sizes. This method also determines that memcache cannot fully utilize memory, resulting in memory fragmentation. If there are insufficient storage blocks, memory overflow will occur.
- For applications that do not need to be "distributed", do not need to be shared, or are simply small enough to have only one server, memcached will not bring any benefits, on the contrary, it will slow down the efficiency of the system, because the network connection also requires resources.
Redis storage: Compared with memcache, redis access is slightly slower. The benefits are:
- Redis supports many data structures and can store arrays or objects, while memcache can only store strings
- In the case of session machine restart, all users of memcache must regain the session, while redis will not
- When a sudden influx of users generates a lot of data and the memory of the machine storing the session is full, memcache will strike, and if all keys are not expired, the last written data will be overwritten, and redis will just slow down , will not affect the logic of the program