Sessions¶
Sessions are handled by the Symfony framework, specifically API and underlying session handlers provided by the HttpFoundation component. It's further enhanced in Ibexa DXP with support for SiteAccess-aware session cookie configuration.
Note
Use of Memcached, Redis (or experimentally PDO) as session handler is a requirement in a cluster setup, for details see below. For an overview of the clustering feature see Clustering.
Configuration¶
Symfony offers the possibility to change many session options at application level (for example, in Symfony framework
configuration).
These options include:
cookie_domain
cookie_path
cookie_lifetime
cookie_secure
cookie_httponly
However, in Ibexa DXP you can set up several sites within one Symfony application, so you can also define session configuration per SiteAccess and SiteAccess group level.
Session options per SiteAccess¶
All site-related session configuration can be defined per SiteAccess and SiteAccess group under the ibexa.system.<scope>.session
configuration key:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
|
Session handlers¶
In Symfony, a session handler is configured with framework.session.handler_id
.
Symfony can be configured to use custom handlers, or fall back to what is configured in PHP by setting it to null (~
).
Default configuration¶
Ibexa DXP adapts Symfony's defaults to make sure its session save path is always taken into account:
1 2 3 4 5 6 7 8 |
|
Recommendations for production setup¶
Single-server setup¶
For a single server, the default file handler is preferred.
Cluster setup¶
See shared sessions in the clustering guide.
Handling sessions with Memcached¶
To set up Ibexa DXP using Memcached you need to:
- Configure the session save handler settings in
php.ini
- Set
%ibexa.session.handler_id%
to~
(null) inconfig/packages/ibexa.yaml
Alternatively if you need to configure Memcached servers dynamically:
- Create a Symfony service like this:
1 2 3 4 5 |
|
- Set
%ibexa.session.handler_id%
(orSESSION_HANDLER_ID
env var) toapp.session.handler.native_memcached
- Set
%ibexa.session.save_path%
(orSESSION_SAVE_PATH
env var) tosave_path
config for Memcached
Optionally tweak php-memcached
session settings for things like session locking.
Handling sessions with Redis¶
To set up Ibexa DXP using the Redis you need to:
- Configure the session save handler settings in
php.ini
- Set
%ibexa.session.handler_id%
to~
(null) inconfig/packages/ibexa.yaml
Alternatively if you have needs to configure Redis servers dynamically:
- Set
%ibexa.session.handler_id%
(orSESSION_HANDLER_ID
env var) toIbexa\Bundle\Core\Session\Handler\NativeSessionHandler
- Set
%ibexa.session.save_path%
(orSESSION_SAVE_PATH
env var) to save_path config for Redis
Ibexa Cloud
For Ibexa Cloud (and Platform.sh), this is already configured in config/env/platformsh.php
based on .platform.yaml
config.
If you're on php-redis
v4.2.0 and higher, you can optionally tweak php-redis
settings for session locking.
Ideally keep persistence cache and session data separated:
- Sessions can't risk getting randomly evicted when you run out of memory for cache.
- You can't completely disable eviction either, as Redis then starts to refuse new entries once full, including new sessions.
- Either way, you should monitor your Redis instances and make sure you have enough memory set aside for active sessions/cache items.
If you want to make sure sessions survive Redis or server restarts, consider using a persistent Redis instance for sessions.
Alternative storing sessions in database by using PDO¶
For setups where database is preferred for storing sessions, you may use Symfony's PdoSessionHandler, although it's not currently recommended from performance perspective.
Below is a configuration example for Ibexa DXP. Refer to the Symfony Cookbook for full documentation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
|