Am 21.05.2013 08:59, schrieb A.L.E.C:
On 05/20/2013 09:18 PM, Reindl Harald wrote:
We use custom session handler for a reason and we'll not change that
and the reason is?
- security
seriously?
you think you know more about security than me and how do secure vhosts - forget it!
hint:
- sessiondata is never in open_basedir
- the application has no access to sessiondata (your concept has!)
- you can easily configure per vhsot-sessiondata
- scalability
this is a bad joke
my /var/www/sessiondata is a RAM disk since years my cleanups are outside PHP and relieable
the system would be much more scalable and is much more scalable with *not* using MySQL for storing sessions and RC is performance wise the weakest part of the whole infrastructure
(besides the fact that it does no longer work on F18/PHP5.4/MariaDB)
- we can store session in memcached too
so what
- no session file locking (parallel requests do not wait)
and no integrity and cleanups or how do you explain me the 5000 records in the session table on a server with a few users after some months?