55

As the title says, are there limits (if any) for session variables or they're considered as usual variables and can store equal amount of data?

I'm looking if there are any other limits aside from variable type ones like max length, max values and so on.

P.S. If the question is unclear, please let me know.

Thanks in advance!

tomsseisums
  • 13,168
  • 19
  • 83
  • 145

4 Answers4

54

As @Thariama said, there's no limit on the number of variables; also, there's no limit on the amount of data you can store in a session (I've seen sessions tens of MB in size).

As the size of a session gets larger, you'll run into various quirks though: PHP 5 deserializes the whole session into memory at session_start() (using the default session handler - you can make you own solution, of course); with a 20 MB session and 50 concurrent users, your scripts start to be severely limited by disk access speeds (a.k.a. "script startup is slow as molasses" - the sessions alone would be hogging a GB of RAM); in the end, we dedicated a box to keep as many sessions as possible in its RAM, and the frontend boxes accessed them over NFS (although it helped in our case, this may be overkill for you).

Note that for many concurrent users and session storage on disk, the number of session temporary files may cause problems with filesystem limits (e.g. how many files can be in one directory before you run into problems with stat() performance), or other limits (we once found the hard way that a box was configured to only allow 4096 open files at the same time). None of this is really session-specific, but can be triggered by session handling.

Community
  • 1
  • 1
Piskvor left the building
  • 91,498
  • 46
  • 177
  • 222
15

No, there is no limit on much space a session may have (or how many variables a session may possess). The only limit is the specs on your computer, this is defined by your available memory_limit in your php.ini . Be aware that this space will be shared among all sessions for all users.

Thariama
  • 50,002
  • 13
  • 138
  • 166
8

It is completely specific to your web-server. For Apache, look here:

http://httpd.apache.org/docs/trunk/mod/mod_session.html

It even allows sessions to be stored in database by using mod_session_dbd. Therefore physical limits like 1 file per session can be overcome. Moreover, Apache can be configured to keep track of per user sessions stored on a particular server or group of servers for scalability.

dcaswell
  • 3,137
  • 2
  • 26
  • 25
shamittomar
  • 46,210
  • 12
  • 74
  • 78
  • You could write your own session handlers in PHP to do that - although a compiled module might more effective. – Piskvor left the building Nov 25 '10 at 08:33
  • 5
    @shamittomar: If the downvoter didn't leave a comment, they probably won't leave one even if you ask them. For single downvotes, I wouldn't worry about it - just a clueless/random/drive-by downvoter. – Piskvor left the building Nov 25 '10 at 08:38
  • +2/-1 at the moment; could we take the discussion about SO's functioning to http://meta.stackoverflow.com ? There are plenty of useful answers about voting there. – Piskvor left the building Nov 25 '10 at 08:49
  • Downvoted because we're talking about PHP sessions. This Apache module has absolutely nothing to do with PHP. –  Apr 16 '15 at 16:26
3

The simple answer is no. (That is, they have no more restrictions than any other PHP variable has... must fit into memory, etc.)

However, keep in mind that $_SESSION data is stored somewhere, by default as serialized data in one file per session. So there are practical limitations. You wouldn't want to store a huge blob of information in them because they would be loaded/saved from the data store on every page that uses session_start().

Matthew
  • 47,584
  • 11
  • 86
  • 98
  • Can template data be considered as a "huge blob"? And more precisely, my template data is fetched with `file_get_contents();` from a HTML file. Mostly it won't be larger than some KB's, but in future it could turn out that I have to load a lot larger templates in this session variable. – tomsseisums Nov 25 '10 at 08:39
  • My main point is that `$_SESSION` data isn't free. Everything you put into it will be loaded on every page view, even if you don't use it. If you need to access that template data on every page view (thus it's going to be loaded into memory in some form), then it really doesn't matter if it comes from the session or somewhere else. I personally wouldn't use sessions for that sort of data, but that's just me. – Matthew Nov 25 '10 at 08:44
  • @Tom: Don't do that. I've seen it, and that way madness lies. Sessions are intended for storing temporary data to which you'll need quick access; templates aren't really temporary (and yes, I'd consider them "a huge blob" in this case). Consider some other caching mechanism for your templates, but don't put them into $_SESSION. – Piskvor left the building Nov 25 '10 at 08:46
  • It's not for caching, but double `POST` prevention. They're unset after the `POST` has been completed. My system for it is pretty weird, agreed. But PRG just won't cut in my case, because I have too much response messages. – tomsseisums Nov 25 '10 at 08:56
  • @Tom: Yes, that's a great use of sessions. Not sure what it has to do with templates though. – Piskvor left the building Nov 25 '10 at 08:58
  • but is it better to keep certain things in the session (like an array of user info) rather than requerying it from a database? – Zeke Nierenberg Dec 19 '12 at 18:01
  • @Zeke, "better" is subjective, particularly with no details. But in general, implementing a proper caching layer via something like memcached is preferred over using the session as a poor man's cache. – Matthew Dec 19 '12 at 18:53