Sessions¶
Sessions are handled by the Symfony framework, specifically API and underlying session handlers provided by the HttpFoundation component. It is further enhanced in eZ Platform with support for SiteAccess-aware session cookie configuration.
Note
Use of Memcached, Redis (or experimentally PDO) as session handler is a requirement in a cluster setup, for details see below. For an overview of the clustering feature see Clustering.
Configuration¶
Symfony offers the possibility to change many session options at application level
(i.e. in Symfony framework
configuration).
These options include:
cookie_domain
cookie_path
cookie_lifetime
cookie_secure
cookie_httponly
However, in eZ Platform you can set up several sites within one Symfony application, so you can also define session configuration per SiteAccess and SiteAccess group level.
Session options per SiteAccess¶
All site-related session configuration can be defined per SiteAccess and SiteAccess group (in ezplatform.yml
):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
|
Session handlers¶
In Symfony, a session handler is configured using framework.session.handler_id
.
Symfony can be configured to use custom handlers, or just fall back to what is configured in PHP by setting it to null (~
).
Default configuration¶
eZ Platform adapts Symfony's defaults to make sure its session save path is always taken into account:
1 2 3 4 5 6 7 8 |
|
Recommendations for production setup¶
Single-server setup¶
For a single server, the default file handler is preferred.
Cluster setup¶
See shared sessions in the clustering guide.
Handling sessions with Memcached¶
To set up eZ Platform using Memcached you need to:
- Configure the session save handler settings in
php.ini
- Set
%ezplatform.session.handler_id%
to~
(null_ inapp/config/parameter.yml
Alternatively if you need to configure Memcached servers dynamically:
- Create a Symfony service like this:
1 2 3 4 5 |
|
- Set
%ezplatform.session.handler_id%
(orSESSION_HANDLER_ID
env var) toapp.session.handler.native_memcached
- Set
%ezplatform.session.save_path%
(orSESSION_SAVE_PATH
env var) tosave_path
config for Memcached
Optionally tweak php-memcached
session settings for things like
session locking.
Handling sessions with Redis¶
To set up eZ Platform using the Redis you need to:
- Configure the session save handler settings in
php.ini
- Set
%ezplatform.session.handler_id%
to~
(null) inapp/config/parameter.yml
Alternatively if you have needs to configure Redis servers dynamically:
- Set
%ezplatform.session.handler_id%
(orSESSION_HANDLER_ID
env var) toezplatform.core.session.handler.native_redis
- Set
%ezplatform.session.save_path%
(orSESSION_SAVE_PATH
env var) to save_path config for Redis
eZ Platform Cloud
For eZ Platform Cloud (and Platform.sh), this is already configured in app/config/env/platformsh.php
based on .platform.yml
config.
If you are on php-redis
v4.2.0 and higher, you can optionally tweak php-redis
settings for session locking.
Additional notes on using Redis for Sessions¶
Ideally keep persistence cache and session data separated:
- Sessions can't risk getting randomly evicted when you run out of memory for cache.
- You can't completely disable eviction either, as Redis will then start to refuse new entries once full, including new sessions.
- Either way, you should monitor your Redis instances and make sure you have enough memory set aside for active sessions/cache items.
If you want to make sure sessions survive Redis or server restarts, consider using a persistent Redis instance for sessions.
Alternative storing sessions in database using PDO¶
For setups where database is preferred for storing sessions, you may use Symfony's PdoSessionHandler, although it is not currently recommended from performance perspective.
Below is a configuration example for eZ Platform. Refer to the Symfony Cookbook for full documentation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
|