将会话存储在与应用程序相同或不同的数据库中?
[英]Store sessions in same or separate database from app?
问题描述
Is it a bad idea to store users' sessions in the same DB as my app? 
将用户的会话存储在与我的应用程序相同的数据库中是个坏主意吗? I'm avoiding having to pay for a second DB at MongoHQ. 我避免在MongoHQ支付第二个数据库的费用。
4 个解决方案
解决方案1
1 已采纳 2013-08-15 08:11:30
Database separation for session handling of anything except really high traffic (definitely more than 100-200 unique visitors :S, try more like 1 million - 2 million every hour) sites could be counted as micro-optimisation. 除了真正的高流量(绝对访问量超过100-200,唯一访问者:S,每小时尝试尝试超过100万至200万个)以外的其他任何会话处理的数据库分离都可以算作微优化。 This is mainly due to the work needed to implement separate connection handling, especially in PHP. 这主要是由于实现单独的连接处理(特别是在PHP中)所需的工作。
Not only that but the PHP driver holds a connection per database (per credentials) which means you are opening more connections, and since connections take a long time to instantiate, it is considered unperformant to open a new connection like this just for sessions normally. 不仅如此,PHP驱动程序还为每个数据库(每个凭据)保留一个连接,这意味着您要打开更多的连接,并且由于实例化连接需要花费很长时间,因此通常只为会话打开这样的新连接被认为是无效的。
As @Derick mentioned rightly so, connections are actually made once per process. 正如@Derick正确提到的那样,每个进程实际上只建立一次连接。 This means that in a fcgi setup of sorts the process of making connections not too much of a problem. 这意味着在fcgi的sort设置中,建立连接的过程不会太大的问题。
Even though this is not much of a problem is still seems a loss of resources for something that isn't needed. 即使这不是什么大问题,对于不需要的东西似乎仍然会浪费资源。
So no, I would not recommend separation of session handling into a different database and I would actually consider it unperformant and micro-optimisation. 因此,不,我不建议将会话处理分离到另一个数据库中,而我实际上会认为它性能不佳且无法进行微观优化。
解决方案2
0 2013-08-15 07:54:48
That doesn't have to be a bad idea. 那不一定是个坏主意。 I'm doing the same most of the time if not only to make sure that you have all the necessary stuff in one database. 我大部分时间都在做同样的事情,这不仅是为了确保您在一个数据库中拥有所有必要的东西。
解决方案3
0 2013-08-15 08:00:50
Idea is not bad while you have not very big number of sessions. 当您没有很多会议时,想法不错。 For example, if you have 100-200 unique visitors in a day. 例如,如果您每天有100-200个唯一身份访问者。
If your site will become popular, may be it`sa good idea to use Redis - is an open source, BSD licensed, advanced key-value store. 如果您的网站将变得流行,那么使用Redis可能是一个好主意-是开源的,BSD许可的高级键值存储。
解决方案4
0 2013-08-15 08:02:47
I don't think so, if I'm not wrong, WordPress and Joomla might be saving the password in the same database too but in different tables. 我不这么认为,如果我没记错的话,WordPress和Joomla可能也将密码保存在相同的数据库中,但保存在不同的表中。 I'm not sure though, looked at the code once so it might need some more validation. 我不确定,但是只看了一下代码,因此可能需要更多验证。 But you enter a database name once, so it's seems obvious that the login details are also in the same database. 但是您只需输入一个数据库名称,因此显然登录详细信息也位于同一数据库中。 And some other code which I can't recall now did the same thing (A administration application for schools. Forgot the name of it). 我现在不记得的其他一些代码也做了同样的事情(学校的管理应用程序。忘记了它的名称)。 All open source code. 所有开源代码。
So you can do it just make sure that you database is as secured as possible and don't save the password in plain text. 因此,您可以这样做,只是确保数据库尽可能安全,并且不要以纯文本格式保存密码。 Do make sure that you use unique salts for everyone just to make it a little harder to access accounts. 确保确保每个人都使用独特的盐,以使其更难以访问帐户。 But I am sure you know that. 但是我相信你知道。
But my conclusion is you can, I learn from others and have seen others who are more advanced do it. 但是我的结论是,我可以向他人学习,并且看到其他更高级的人可以做到。 (open source code) (开源代码)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.