developer.jelix.org is not used any more and exists only for history. Post new tickets on the Github account.
developer.jelix.org n'est plus utilisée, et existe uniquement pour son historique. Postez les nouveaux tickets sur le compte github.

Opened 12 years ago

Last modified 8 years ago

#490 assigned enhancement

Do not create session when it is not necessary

Reported by: laurentj Owned by: Julien
Priority: low Milestone:
Component: jelix:core:jSession Version: 1.0.2
Severity: normal Keywords:
Cc: Blocked By:
Blocking: Documentation needed: no
Hosting Provider: Php version:

Description (last modified by laurentj)

Sometimes, on a web site, sessions are not required, or only when a module would like to store something in it. So, for some visitors, sessions are created even if it is not used. This is a perf issue : it creates a file or a record which is not useful.

We could have jSession::get($varname) and jSession::set($varname, $value) to read or save session variables. So we use them instead of using directly $_SESSION, and there isn't a session_start systematically.

session_start is called only when calling jSession::set. When we call jSession::get, it should detect if there is a cookie of session. If yes, it execute session_start and return the value from $_SESSION, else it just returns null or "". (of course session_start is called only one time during the execution of an action).

Attachments (1)

490-jSession-start-control.diff (12.3 KB) - added by Julien 12 years ago.

Download all attachments as: .zip

Change History (21)

comment:1 Changed 12 years ago by laurentj

  • Description modified (diff)

comment:2 Changed 12 years ago by laurentj

I think we could have an option "start" in the configuration (in the session section):

  • 0 means no session
  • 1 means automatic session (created only when it is useful)
  • 2 means always create a session (current behavior in jelix)

comment:3 Changed 12 years ago by laurentj

  • Blocking 445 added

comment:4 Changed 12 years ago by Julien

  • Status changed from new to assigned

For me, config parameter "always_start" is ok. Default value is 1 (0 to disable).

About jSession::set() en jSession::get(), why not, but what about existing code in applications calling $_SESSION directly ?

I think that the deal could be :

  • default value of "always_start" is 1, so the behavior is not changed.
  • if "always_start" is 0, then there's no session created, unless we explicitly use jSession::set()

of course, jSession::set() only starts the session once.

NB : for this change to work fine, we have to find/replace all $_SESSION direct calls by jSession::set() in Jelix files (autolocale, auth, etc....).

NB2 : For arrays in session, I don't think we could do something like :

var_dump(jSession::get('cart')['products']); // equivalent to var_dump($_SESSION['cart']['products']);

so we have to do :

$cart = jSession::get('cart');
var_dump($cart['products']);

It's not a big problem, but we have to write a little more ;)

If my solution is Ok, i can implement it in jSession.

comment:5 Changed 12 years ago by laurentj

For me, config parameter "always_start" is ok. Default value is 1 (0 to disable).

I prefer "start", with the three values 0, 1, 2. One advantage of this, that there isn't an issue with existing application which use $_SESSION. Developers can put "2" and so they don't have to change their code (but they don't have the benefit of automatic session of course). If they put "1", they have to change all $_SESSION by the use of jSession. And they can specify "0", for "no session", usefull for command line (see ticket #445, blocked by this one) (or if they don't want to use sessions).

for this change to work fine, we have to find/replace all $_SESSION direct calls by jSession::set() in Jelix files

of course

For arrays in session.. I don't think we could do something like :

no I don't think too.. It's true that it is not really sexy...

comment:6 Changed 12 years ago by Julien

I'm affraid of people don't understanding they have to check/change config file for sessions to work.

For migration safety, we then must set "2" as the default value, so all applications continue to work like today.

So it's like my "always_start" set to 1.

If you put 0 in "start", then sessions will not be available. What if a developer writes something like :

jSession::set('mySessionVar','value');

we should thrown an Exception telling that the session isn't available, right ? I can't think about just doing nothing in that case.

If we do not throw an Exception, then we really should start the session, and then my parameter "always_start=1|0" is enough to cover all cases.

If we throw an Exception, ok, we can use "start=0|1|2" that I will prefer to rename as "start=never|ondemand|always" for better comprehension.

So the question is, when the developper writes jSession::set() and the sessions are "never" started, should we throw an exception or should we start the session to make things right ?

comment:7 Changed 12 years ago by laurentj

For migration safety, we then must set "2" as the default value, so all applications continue to work like today.

Of course...

when the developper writes jSession::set() and the sessions are "never" started, should we throw an exception or should we start the session to make things right ?

Throw an exception. If the developer don't want sessions, then we shouldn't start session.

comment:8 Changed 12 years ago by Julien

Ok I can implement this in jSession and make changes in Jelix to call jSession::set() and jSession::get().

what about start=never|ondemand|always instead of start=0|1|2 ?

comment:9 Changed 12 years ago by laurentj

yes ok for start=never|ondemand|always

comment:10 Changed 12 years ago by Julien

Ok, should be patched in 1 or 2 days.

Changed 12 years ago by Julien

comment:11 Changed 12 years ago by Julien

Here's the patch.

Right now I didn't change the calls to $_SESSION in the jelix core source.

I also added some methods to jSession :

jSession::isDefined('myvar') // like isset($_SESSION['myvar']);
jSession::delete('myvar') // like unset($_SESSION['myvar']);
jSession::destroy() // like session_destroy() + cookie deletion

The problem to me is that we can't do things like :

$_SESSION['myvar']['index'] = 12;
var_dump($_SESSION['myvar']['index']);
isset($_SESSION['myvar']['index']);
unset($_SESSION['myvar']['index']);

or we should think about something like :

jSession::get('part1/part2/part3'); // returns $_SESSION['part1']['part2']['part3'];

but that's probably a perf problem (exploding at char "/" then getting right index recursively).

I'm wondering if we shouldn't simplify this, just by using parameters "never" and "always" because coding is quite heavier whithout the direct calls to $_SESSION and even I we can provide alternative ways, this would impact perfs in my opinion.

Got to go, be back tomorrow to talk about it.

comment:12 Changed 12 years ago by Julien

Just had a look at Zend Framework.

They also have to do ugly thinks like :

<?php
require_once 'Zend/Session/Namespace.php';
$sessionNamespace = new Zend_Session_Namespace();

// assign the initial array
$sessionNamespace->array = array('tree' => 'apple');

// make a copy of the array
$tmp = $sessionNamespace->array;

// modfiy the array copy
$tmp['fruit'] = 'peach';

// assign a copy of the array back to the session namespace
$sessionNamespace->array = $tmp;

echo $sessionNamespace->array['fruit']; // prints "peach"

Ouch !!!

I really want to be able to do things like :

$_SESSION['array'] = array('tree' => 'apple');
$_SESSION['array']['fruit'] = 'peach';

I think we should forget about "on demand" session start right now, until we have a genius idea for dealing with these problems.

I suggest we just patch jSession to disable sessions upon configuration parameter start = 0

What do you think about it ?

comment:13 Changed 12 years ago by laurentj

Ok, why not. So your next patch should be attached to the ticket #445.

comment:14 Changed 12 years ago by Julien

Patch posted for ticket #445.

For the current ticket (#490), what about just implementing this feature :

[sessions]
; to disable sessions, set the following parameter to 0
start = 1

With this, we can disable sessions for any entry point we need.

Should I post that patch in this ticket, or create a new one (because the patch wouldn't solve the "on-demand session start" thing mentioned in the ticket) ?

I really think that the start=0|1 solution is far enough, and we shouldn't try to implement on-demand session start, because that will force Jelix users to write quite ugly code (see previous examples) and I'm not sure that performances will really increase that much.

If we still want something for "on-demand session start", I think we should rather look for some kind of coord plugin with per action params, just like the auth coord plugin.

comment:15 Changed 12 years ago by laurentj

I'm ok for your solution for the moment. However, create a new ticket for that. I would like to keep this ticket open for the moment... Perhaps some features of PHP 5.3 (or PHP6) could help us to resolve this problem in a nicer way..

comment:16 Changed 12 years ago by Julien

Ok see ticket #506

comment:17 Changed 12 years ago by Julien

  • Blocking 445 removed

Ticket #445 is now fixed. Need to remove bloking to close ticket #445.

comment:18 Changed 12 years ago by laurentj

  • Priority changed from high to low

comment:19 Changed 9 years ago by laurentj

  • Milestone set to Jelix 1.4

comment:20 Changed 8 years ago by laurentj

  • Milestone Jelix 1.4 deleted
Note: See TracTickets for help on using tickets.