Re: [PHP] How does php server identify that the particular session belongs to particular user
On Fri, 2010-06-11 at 19:56 +0530, Shreyas wrote: I agree with Ash's comment. You should probably dig in deeper and see if those IPs are indeed valid. Given the way the sites are being attacked (DDoS, SQL Injection et al), you could be seeing one. If you see a high load and your website is accessed by users spread globally, you should try out a Content Delivery Network like Akamai to meet the scale and improve the performance of your web-site without compromising on the end-user's site navigation experience. Regards, Shreyas On Fri, Jun 11, 2010 at 3:06 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Fri, 2010-06-11 at 15:13 +0530, Peter wrote: Hi Ashley, Thanks for your answer. When too many users log in at the same time, the server gets loaded with multiple sessions files that leads to complexity and crashes the server. In such cases how do we handle this ? Thanks in advance Peter Ashley Sheridan wrote: On Fri, 2010-06-11 at 13:01 +0530, Peter wrote: Hi All, My Question is How does php server identify that the particular session belongs to particular user? Please help me out Regards Peter.m All the session data is stored on the server either in a database, file or memory against a unique ID value. The server handles how this is done, and it's likely you won't ever need to get involved with changing how it does things. From the client-side of things; the user agent (browser) sends this unique ID either as part of the URL or with the headers as a post variable, which is why you may see a PHP_SESSION_ID (or something similar) index in the $_REQUEST array when you use session_start() in your scripts. Has this helped? Thanks, Ash http://www.ashleysheridan.co.uk I don't think it's the sessions that are crashing your server, it's more than likely something else. What is the server load when you notice the crashes? How many people are visiting your site simultaneously at that point? Thanks, Ash http://www.ashleysheridan.co.uk It might not even be as bad as that. It could be that you're just hitting the max number of connections that the server is configured to handle, or that the current number of connections is reaching the memory limit. Maybe the sessions are set up to be stored in files on the server on a separate partition, and that has reached capacity? There are a number of reasons which could cause the server to appear that the sessions are causing a problem that is not a DDoS attack ;) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] How does php server identify that the particular session belongs to particular user
Agreed. I was just speculating; may be I over -speculated it ;) Regards, Shreyas On Fri, Jun 11, 2010 at 8:18 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Fri, 2010-06-11 at 19:56 +0530, Shreyas wrote: I agree with Ash's comment. You should probably dig in deeper and see if those IPs are indeed valid. Given the way the sites are being attacked (DDoS, SQL Injection et al), you could be seeing one. If you see a high load and your website is accessed by users spread globally, you should try out a Content Delivery Network like Akamai to meet the scale and improve the performance of your web-site without compromising on the end-user's site navigation experience. Regards, Shreyas On Fri, Jun 11, 2010 at 3:06 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Fri, 2010-06-11 at 15:13 +0530, Peter wrote: Hi Ashley, Thanks for your answer. When too many users log in at the same time, the server gets loaded with multiple sessions files that leads to complexity and crashes the server. In such cases how do we handle this ? Thanks in advance Peter Ashley Sheridan wrote: On Fri, 2010-06-11 at 13:01 +0530, Peter wrote: Hi All, My Question is How does php server identify that the particular session belongs to particular user? Please help me out Regards Peter.m All the session data is stored on the server either in a database, file or memory against a unique ID value. The server handles how this is done, and it's likely you won't ever need to get involved with changing how it does things. From the client-side of things; the user agent (browser) sends this unique ID either as part of the URL or with the headers as a post variable, which is why you may see a PHP_SESSION_ID (or something similar) index in the $_REQUEST array when you use session_start() in your scripts. Has this helped? Thanks, Ash http://www.ashleysheridan.co.uk I don't think it's the sessions that are crashing your server, it's more than likely something else. What is the server load when you notice the crashes? How many people are visiting your site simultaneously at that point? Thanks, Ash http://www.ashleysheridan.co.uk It might not even be as bad as that. It could be that you're just hitting the max number of connections that the server is configured to handle, or that the current number of connections is reaching the memory limit. Maybe the sessions are set up to be stored in files on the server on a separate partition, and that has reached capacity? There are a number of reasons which could cause the server to appear that the sessions are causing a problem that is not a DDoS attack ;) Thanks, Ash http://www.ashleysheridan.co.uk -- Regards, Shreyas
