0

I have a application consisting of HTML (AngularJS) client and PHP backend. All communication between client and server is done using XMLHTTPRequests (of course except of loading first HTML file and static resources - JS/CSS...). Server exposes some API endpoints and client makes request to these URL. Once server receives request, it checks $_SESSION to check if user is logged in.

My question is, is it possible that reading (not writing to) from $_SESSION upon almost each request could cause major hangs in responses? For instance, the application works for several requests and then random request is sent and response is received after minutes (15 is record so far). It also seems that the request is processed that late (according to dummy error_log test), so the slowdown is not caused by operations in PHP my code.

Maybe it is a stupid question, but I've already doubled apache's ServerLimit (1000) but no luck. I also have another PHP application on this server which works fine, the only difference I could think of is the working application is barely checking $_SESSION in combination of XMLHTTPRequests.

PHP version: 5.3.3

ladar
  • 5,858
  • 3
  • 26
  • 38
  • 1
    How are sessions configured? Are they being written and read from files, database or is there another mechanism? If you're reading/writing to sessions based on file storage, the first slowdown that will occur in your application is that everything will wait for the harddrive to return read information. Given the fact most mechanical drives can do such a thing 300 times per second - yes, it's quite possible that it's not your software but a hardware problem. – N.B. Oct 04 '13 at 09:22
  • Thank you for comment. It is file based. I understand HW limits, but that shouldn't cause 16 minutes delay (hopefully) and the overall load no server is really low. – ladar Oct 04 '13 at 09:32
  • It's difficult to tell what exactly causes such a huge slowdown, it might be your code, it might be hardware fault, you'll have to check which process takes up so much time to complete and take it from there. Good luck though :) – N.B. Oct 04 '13 at 09:38

1 Answers1

1

I could not find a specific reason for your problem but there if you are using php 5.1.x it loads all session data in to memory at session_start() . As a result of this file access in the entire server will be delayed .

If your server php version is not 5.1 and if it is latest 5.4 or .5 then , the possible problem would come due to creation of large number of session temp files .

This some times causes problems with filesystem limits in operating system . so you need to set the session time out to less period .

Also while reading there will be much load on the operating system .

This can be achieved by using config parameter session.gc_maxlifetime

PHP runs garbage collection on expired sessions after the current session is loaded and by using session.gc_probability and session.gc_divisor it calculates the probability that garbage collection will run.

So set session maxlife time to max 1 and see the performance .

Because of this reason most of the web applications provide an option called remember me.

And those applications usually replaces session_start and enforces a timeout if user is idle for a particular span of time .

Hope this helps

References : -

Session time out best practices

Session Clustering White paper

Community
  • 1
  • 1
Aravind.HU
  • 9,194
  • 5
  • 38
  • 50
  • Lot of information to investigate, thanks a lot! I'll try it. P.S.: PHP is 5.3.3, I'll update the question. – ladar Oct 04 '13 at 10:09
  • if I understand correctly, I should: - use session_start() once when user is logging in - set session.gc_maxlifetime to some custom value - after session.gc_maxlifetime, session is destroyed and user will have to log in again? Right now each HTTP request triggers session_start() call so that's is not optimal, right? – ladar Oct 04 '13 at 10:27
  • Ohh yes you need not do session_start() every time , once is sufficiant , I think if you keep creating session_start every time when user requests for every user then it creates a huge lump of session temp files and slows down to system – Aravind.HU Oct 04 '13 at 10:31
  • Well problem is, that almost each request modifies response if user is logged in and in case I won't call session_start(), I won't get information if he is logged in. I guess I have to modify my code to handle it differently. P.S. Changing session.gc_maxlifetime to 1 does not make any difference – ladar Oct 04 '13 at 10:45
  • @ladar can you share the code on how you are setting max time for me it worked and also for which config file you have changed , there will be more than one , 1 > for cli 2 > apache so can you double check where you have exactly changed – Aravind.HU Oct 04 '13 at 11:19
  • Sorry for misleading information, by no difference I meant it didn't help but the change was taken into account. I have limited options to set it on production (as localhost does not suffer of this issue) server but using ini_set() before any session manipulation. Then I called ini_get() to confirm the change. – ladar Oct 04 '13 at 12:07