Ideal PHP Session Size

Maximum size of a PHP session

You can store as much data as you like within in sessions. All sessions are stored on the server. The only limits you can reach is the maximum memory a script can consume at one time, which by default is 128MB.

(Similar answers: Ideal PHP Session Size? - some useful comments)

Is there a maximum number of PHP sessions?

Off the top of my head, there should be several limits:

  • The random id generated for each session is of a fixed length, ergo there are only a limited number of random ids available. (I don't know whether PHP will increase the length of the id if it exhausts the number of available ones, I don't think so.) But, that number is ridiculously large, and will likely by far exceed the
  • number of files which can be stored in a single directory, which is limited by the filesystem. Since all sessions are stored as files by default in a single directory, you'll reach this eventually.
  • The size of the disk on which the session data is stored.

I don't think there are any other hard limits on the number of sessions. However, all these factors are much larger than 1000. 1000+ sessions can still be perfectly handled by standard PHP file based sessions. If you notice that is getting a problem, you can exchange the session backend easily. There are pluggable session handlers for memcached or other memory or database based storage systems. You can easily write your own sessions handlers to do whatever you want in any scalable form you need. You can still keep using the standard PHP session functions in your code.

Session Variables: How much data is too much?

Firstly, PHP sessions aren't stored in memory by default, they are stored on disk, so every block/session you write to is going to occupy disk space and not memory (until you use PHP to read the session data).

Yes, you're potentially being more efficient, but not if you want to scale and here's why:

Storing data in sessions

It's perfectly acceptable to store some data in sessions. Theoretically, there is no limit (although I've never tried to break it or even push it, just move to a more efficient solution). You will however, be limited by disk space and PHP memory_limit().

Often, data stored in sessions includes things like:

  • Usernames
  • Hashes
  • Registration dates
  • Other variables (user group ids/keys etc)
  • Flash messages
  • (NOT passwords!)

However, there is a tradeoff. If your traffic (and usage) increases and you're storing a lot of data in $_SESSION, you will very likely start to see problems, both in terms of disk and memory usage.

I don't think there is any issue with what you're suggesting, but beyond the items you've listed and where the examples above overlap, care is required.

If you want to scale (horizontally) and retain disk-based sessions then you have options (sticky sessions or storage area network are a couple) as the disk on one server doesn't store the same sessions as a disk on another server.

Session data location

You can find the location where PHP stores session data by calling: session_save_path()

or on the CLI:

php -r 'echo session_save_path(), "\n";'

You've not mentioned your OS, but common locations for the session files (across different OS types) are:

/tmp 
/var/lib/php5/
/var/lib/php/session
c:/wamp/tmp

Sessions stored on disk usually have filenames that look like this using ls -al:

-rw-------  1 www www      0 2013-07-09 20:12 sess_bdsdjedmvtas5njhr5530b8rq6

It's worth noting that there are often garbage-collection processes that clean out dead sessions after specific periods. It does vary by OS, but they are usually present with various LAMP-based installs.

Other session storage options/approaches

In your database
Session data is often stored in a DB instead of on local disk and this works well for both micro, small and (depending on how it's done) medium sites with a reasonable level of traffic.

Like any other solution it has it's pro's and con's (like being able to ban/kick out a user by running a query rather than deleting a session file from /tmp)

In memory
for larger, (higher traffic) sites and particularly where the volume of concurrent users is high, memory is quicker to read/write to for very frequently accessed variables or data instead of adding undue load to your DB. It can and should still be written to the DB (See write-through caching), but also be held in memory for efficient access.

One technique of particular merit is memory caching. A widely used example PHP-compatible open-source solution is Memcached, which can be used on one server or many [distributed]. I've seen this used by small firms as well as large and you only have to look at who uses it/contributes...

Codeigniter session size limit

To further clarify my comment above, when you elect to save the session data in a database, CodeIgniter doesn't set a cookie (other than the session id of course) but saves all of the information that it would have set in a cookie in your database.

If you have a look at the sess_write in the Session class located in ./system/libraries/, if you have enabled the use of a database, you'll see that it serializes the data using serialize and saves it directly to the database. There is no restriction on length imposed by CodeIgniter when saving to a database.

For your convenience, here's a link to the source code: https://bitbucket.org/ellislab/codeigniter/src/fe2247a927ab/system/libraries/Session.php#cl-252.

The only restriction is set by the field you chose to use to save the data in your database. For more information on the data type storage requirements of MySQL, read this.

Can echo size of SESSION?

$size_of_session_estimate = strlen( serialize( $_SESSION ) );

Now, this is just an estimate, as the serialize handler is not used to serialize sessions, but it also won't be too far off.

That being said, unless you're storing a silly amount of data in the session, you probably don't need to worry about this.

Is it okay to save lots of information in $_SESSION?

The limit of data you can store inside a session is limited by the session storage layer. The default sessions store is the file-system and one session is stored into one file. The name of the session variable/array-key is stored as well as it's data in a serialized form. A pipe symbol separates variable names and values from each other.

If you're storing arrays with strings, then the file will be similar large than the length of the strings plus the length of the keys and a little overhead for meta data as well as the size of the variable names.

The size of a file is limited by the file-system. For example, in EXT3 this are 16 Gigabyte per file. So this is one "too much". You can not store more data into a session than the storage layer allows you to.

The next limit I can think of is the one of your memory. As PHP needs to load the data from the file into the memory and stores it from memory to the file at the end of the request. So if you've got a memory limit in PHP then this will actually limit as well the size of your session. For example, there is a standard memory limit of 16MB in PHP 5.2, but this may vary with your installation.

Using the whole memory for the session only does not make much sense by the way.

Next to these hard limits there might be performance limits which are related to the number of congurent requests, how fast your harddisk is etc.

As your question is pretty short I assume you didn't run into any concrete problems so far, so I think it would be out of scope. E.g. using memcached if you don't really need is would be only overhead. As well as discussing design decisions (never cache in sessions) which can not be answered in general at all.

The 100 or 200 Kilobyte per session (locate the session directory on your system and take an actual look how large the files are becomming) should not break your program. As suggested you should take care that old session files that aren't needed any longer get removed after a certain period of time automatically.

To learn more about your session configuration in PHP please see Session Runtime Configuration in the PHP Manual.

PHP $_SESSION can it hold large files?

The maximum size of a $_SESSION is the maximum memory allowed to a PHP script, but chances are if you even get to 1/3 of that, you're doing something wrong.

$_SESSION, as a rule, should only be used to keep what information is needed by the user for the majority of the site page views. It is highly improbable, that you will actually need a file on each page.

Here's a better option, store a temp file on the disk and assign the path to the temp file in the $_SESSION. Then, when you need it, read the file to the user.

Does a session variable stay in memory in php

No, sessions will be stored default in files (e.g. in /tmp). Of course, you can use the memory with for example memcached. It's also possible to use a database for sessions.

But, if you have enough memory, store your sessions in memory (very fast). Memcached is a great distributed memory object caching system. See http://memcached.org for more information.

And here about the memcached extension for php: http://php.net/manual/en/book.memcached.php


Related Topics

Double Not (!!) Operator in PHP

Getting the First Character of a String with $Str[0]

PHP - Import CSV File to MySQL Database Using Load Data Infile

How to Check That an Object Is Empty in PHP

Multi-Line Strings in PHP

Asynchronous Function Call in PHP

How to Create a Custom Admin Page in Opencart

How to Switch from Post to Get in PHP Curl

PHP - Get Numeric Index of Associative Array

How to Get File Url Using Storage Facade in Laravel 5

PHP Errors Not Being Displayed in the Browser [Ubuntu 10.10]

How to Count the Numbers of Rows That a MySQL Query Returned

Function to Return Only Alpha-Numeric Characters from String

How to Write a Stored Procedure in PHPmyadmin

PHP Mail Using Gmail

Is HTMLentities() Sufficient for Creating Xml-Safe Values

PHP Filesize Reporting Old Size

Using PHP to Get Dom Element


Leave a reply



Submit