This repository contains a set of PHP session save handlers that support locking. I also contains a test suite to prove that they do. Current handlers that can be tested (and their corresponding test mode) are:
- standard
- default (SessionHandler)
Uses the "files" session module (PHP built-in). - memcachedn (NativeMemcachedSessionHandler)
Uses the "memcached" session module (ext-memcached). - redisn (NativeRedisSessionHandler)
Uses the "redis" session module (ext-redis).
- default (SessionHandler)
- strict (docs / rfc)
- files (FilesSessionHandler)
Locks using ".lock" files instead of "flock" calls. - memcached (MemcachedSessionHandler)
Locks using Memcache's atomic "add" operation. - redis (RedisSessionHandler)
Locks using Redis' atomic "setNx" operation.
- files (FilesSessionHandler)
Note that the standard mode testable handlers implement strict mode as well, but can't be tested as strict handlers.
You can install the dependencies of this script using:
sudo apt install php-cli php-curl
Optional dependencies can be installed using:
sudo apt install memcached php-memcached redis php-redis
You need PHP 7.4 or higher to run the code.
This package is on Packagist and can be installed using Composer, using:
composer require mintyphp/session-handlers
You can use the Redis handler by adding these two lines to your PHP code:
ini_set('session.save_path', 'tcp://localhost:6379');
ini_set('session.use_strict_mode', true);
session_set_save_handler(new RedisSessionHandler(), true);
Note that these lines must be executed before the "session_start()" call.
You can run the tests from the command line using:
php run-tests.php
The code will execute in about 1 second per handler and test 104 HTTP calls for each handler. The following output means that the tests succeeded:
standard - default : OK
standard - memcachedn : OK
standard - redisn : OK
strict - files : OK
strict - memcached : OK
strict - redis : OK
The word "FAILED" appears on a failed test and "SKIPPED" is shown when the PHP module is not loaded for either Redis or Memcache.
Use this for 100 runs:
for i in `seq 1 100`; do php run-tests.php silent; done
As shown, you may use the argument "silent" to suppress output on successful or skipped tests.
Below you find a few other implementations of locking Session handlers:
- https://github.com/mevdschee/symfony-session-tests (Symfony "files")
- https://github.com/stechstudio/laravel-raw-sessions (Laravel "files")
- https://github.com/1ma/RedisSessionHandler (Redis)
- https://github.com/colinmollenhour/php-redis-session-abstract (Redis)
- https://github.com/kronostechnologies/redis-session-handler (Redis)
Enjoy!