Why do most applications save/manage sessions in a database?

Hello…

When I look at the code of the most famous CMSs and forums, I see they save the sessions in the DB instead of on the hard disk.

We can specify the save location of sessions with the "session save path" directive in the user's hosting space on the server, to avoid the session conflict problem on shared hosting servers, so why do they still persist in saving sessions in the DB?

In Yii, it seems the default is saving the sessions on the hard disk.

Managing the sessions on the hard disk seems to put a lower load on the server, but I am just scared to do that.

Security?

Because when you scale things up - you need a central session storage and the DB is the logical choice (people rarely use haproxy and stuff)

Thanks, but your reply is not clear to me.

If we specify a directory in the "web hosting" space as the central storage space for sessions, which kind of problems or troubles may we have?

Thank you "psih".

Now I get your meaning.

The DB as a central session storage will be very good when the application grows and has to be distributed over more than one server.

  • security (cookie hijacking)

  • information (one central database of user settings can be useful in monitoring behavior)

  • easier to reproduce bugs (you can log in as a particular user, including all the settings)

  • when rebooting the server the tmp folder is cleared and sessions are gone (happens a lot on virtual hosting like cloudhosting)

etc etc
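
The two storage options discussed in this thread, written as a Yii 1.1 configuration file. This is an added example, not code from any of the posters or from the Yii project; the Yii version, the directory, the table name, the host name and the environment variable names are assumptions.

```php
<?php
// protected/config/main.php (Yii 1.1 layout assumed).

// Cookie flags apply to both options. They protect the session ID in the
// browser and in transit; where the session data is stored does not.
$cookieParams = array('httponly' => true, 'secure' => true);

// Option A: file sessions in a directory private to this application,
// so they do not share the host-wide session directory on shared hosting.
// The directory (constructed path) must already exist, be outside the web
// root and be readable only by the PHP user. It lives on one machine, so
// a second web server cannot see these sessions.
$fileSession = array(
    'class'        => 'CHttpSession',
    'savePath'     => dirname(__FILE__) . '/../runtime/sessions',
    'timeout'      => 1440, // seconds
    'cookieParams' => $cookieParams,
);

// Option B: sessions in the database. Every web server that uses the same
// 'db' component reads the same sessions, and they survive a cleared /tmp.
// The table (constructed name) needs the columns id, expire and data;
// create it at deploy time so the web DB user does not need CREATE TABLE.
$dbSession = array(
    'class'                  => 'CDbHttpSession',
    'connectionID'           => 'db',
    'sessionTableName'       => 'app_session',
    'autoCreateSessionTable' => false,
    'timeout'                => 1440, // seconds
    'cookieParams'           => $cookieParams,
);

return array(
    'components' => array(
        'db' => array(
            // Placeholder host and database; credentials come from the
            // environment (variable names are assumptions).
            'connectionString' => 'mysql:host=db.internal.example;dbname=app',
            'username'         => getenv('APP_DB_USER'),
            'password'         => getenv('APP_DB_PASS'),
            'charset'          => 'utf8',
        ),
        // Use $fileSession on a single server, $dbSession behind a load balancer.
        'session' => $dbSession,
    ),
);
```

With option B the session rows hold live session IDs and user data, so read access to that table should be limited to the application's own database account.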