0

I force SSL because of the limitations in PHP sessions because I have AJAX logins (http and https don't keep the same session id on the same site).

Chrome network reports ~150ms in waiting for all resources.

I was able to reduce by 100ms to 150ms from 250ms by enabling keep-alive which was massive.

Are there any other tricks like that that can bring it down further?

Many thanks in advance!

  • How is this vague? HTTPS seems to be pretty specific. Waiting times too. reduce. how. They seem pretty clear to me. I gave a specific example (which should actually be added to the answers). Another poster gave another example. Please reopen. Stack must be hungover today. –  Jan 02 '13 at 02:50

1 Answers1

3

you could use SPDY although is only supported by new browsers. There is a mod_spdy for apache released by google. That would help.

Nevertheless I found weird your statement (http and https don't keep the same session id on the same site). since I have used to have SSL only in the login pages. I never found that problem.

The limitation you are talking about is not of PHP. You cannot do ajax requests across different domains nor schemes (that is called cross site posting). I would recommend you using some technique or to post to a stand only login page and tracking the referrer to send the user back to url they came from.

Community
  • 1
  • 1
Gabriel Sosa
  • 7,897
  • 4
  • 38
  • 48
  • +1. Yes! SPDY is awesome! – Luigi R. Viggiano Jan 01 '13 at 22:24
  • Thank-you for the new knowledge! I can enable CORS (and have been through the agony of finding out that Chrome will only allow process the first CORS response header). My site's a single page site that ideally & in the past loaded HTTP. It would send login information and other secure actions across HTTPS, and I couldn't get http to get $_SESSION variables from the logged in HTTPS. Do you have a workaround? Thanks again. –  Jan 01 '13 at 22:29
  • as I said, in my site you can switch across SSL to non-SSL without issue. Are you sure you don't have this [setting](http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure) in _ON_ ? is the only reason I find for such behavior. Side note: don't try to play with CORS settings...It may fail in some cases and you will be nuts trying to find the issue. – Gabriel Sosa Jan 01 '13 at 22:47
  • Eh, my host doesn't support this. Have any other miracles? Thanks again! –  Jan 02 '13 at 00:20
  • For now (and probably in the future considering it's another goog), this gets the check. Trying to find a way to use it now. If I can get a 50% drop on waiting time, that'd bring me to 75ms, which would be pretty sweet since my wamp gets half that. –  Jan 03 '13 at 00:26
  • thanks! how do you know you host doesn't support this? save a file with `` on it and see if that value appears. if so you may set the value using [php_flag](http://php.net/manual/en/configuration.changes.php) – Gabriel Sosa Jan 03 '13 at 01:50
  • @GabrielSosa cPanel. Hoping for ISP Config 3 unless if there's another cp that supports. –  Jan 03 '13 at 02:39