简体繁体 English

在文件与数据库中存储 session 数据的优缺点是什么？

[英]What is the pros/cons of storing session data in file vs database?

原文 2011-06-28 16:45:32 8 3 php/ asp.net/ python/ ruby-on-rails/ ruby

When building a website, one have to decide how to store the session info, when a user is logged in.在构建网站时，必须决定在用户登录时如何存储 session 信息。

What is a pros and cons of storing each session in its own file versus storing it in a database?将每个 session 存储在自己的文件中与将其存储在数据库中的优缺点是什么？

3 个解决方案

I generally wouldnt ever store this information in a file - you run the risk of potentially swapping this file in and out of memory (yes it could be cached at times) but I would rather use an in memory mechanism designed as such and you are then using something that is fairly nonstandard.我通常不会将此信息存储在文件中-您可能会冒着将这个文件换入和换出 memory 的风险（是的，它有时可能会被缓存）但我宁愿使用 memory 中的机制，然后您就是这样设计的使用相当不标准的东西。 In ASP.Net在 ASP.NET 中

you can use in in memory collection that is good for use on a single server.您可以在适合在单个服务器上使用的 memory 集合中使用。 if you need multiple load balanced web servers (web farm) and a user could go to any other server as they come in for each request, this option is not good.如果您需要多个负载平衡的 web 服务器（网络场），并且用户可以在每个请求进入时将 go 连接到任何其他服务器，则此选项不好。 If the web process restarts, the sessions are lost.如果 web 进程重新启动，会话将丢失。 They can also timeout.他们也可以超时。
You can use a state server in asp.net for multiple server access - this runs outside of your webserver's process.您可以在 asp.net 中使用 state 服务器进行多服务器访问 - 这在您的网络服务器进程之外运行。 If the web process restarts - you are OK and multiple servers access this.如果 web 进程重新启动 - 你没问题并且多个服务器可以访问它。 This traffic going to the state server is not encrypted and you would ideally use IPSEC policies to secure the traffic in a more secure environment.前往 state 服务器的流量未加密，您最好使用 IPSEC 策略在更安全的环境中保护流量。
You can use sql server to manage state (automatically) by setting up the web.config to use sql server as your session database. You can use sql server to manage state (automatically) by setting up the web.config to use sql server as your session database. This gives the advantage of a high performance database and multi server access.这提供了高性能数据库和多服务器访问的优势。
You can use your own sessions in a database if you need them to persist to a long time outside of the normal mechanism and want tighter control on the database fields (maybe you want to query specific fields)如果您需要它们在正常机制之外持续很长时间并且希望对数据库字段进行更严格的控制（也许您想查询特定字段），您可以在数据库中使用自己的会话

Also just out of curiosity - maybe you are referring to sessions as user preferences?也只是出于好奇-也许您将会话称为用户偏好？ In that case research asp.net profiles在这种情况下，研究 asp.net 配置文件

Asp.net does not facilitate storing session in a file, i'm not sure about ror though. Asp.net 不利于将 session 存储在文件中，不过我不确定 ror。 However storing session in the memory( of the same process) is faster than having it in a db.但是，将 session 存储在内存（同一进程）中比将其存储在数据库中要快。 Having it in a DB may give better scallability to your application ( in case you want to deploy your application in a web farm environment - all the servers has a common (db) to look for session).将它放在数据库中可能会为您的应用程序提供更好的可扩展性（如果您想在 web 场环境中部署应用程序 - 所有服务器都有一个公共 (db) 来查找会话）。

This code project article gives very good insight on asp.net session management.这篇代码项目文章很好地了解了 asp.net session 管理。

I'm guessing, based on your previous questions, that this is being asked in the context of using perl's CGI::Application module, with CGI::Application::Plugin::Session.根据您之前的问题，我猜测这是在使用 perl 的 CGI::Application 模块和 CGI::Application::Plugin::Session 的上下文中提出的。 If you use that module with the default settings, it will write the session data into files stored in the /tmp directory - which is very similar to what PHP does.如果您使用该模块的默认设置，它会将 session 数据写入存储在 /tmp 目录中的文件中 - 这与 PHP 所做的非常相似。 If your app is running in a shared hosting environment, you probably do NOT want to do this, for security reasons, since other users may be able to view/modify data in /tmp.如果您的应用程序在共享托管环境中运行，出于安全原因，您可能不想这样做，因为其他用户可能能够查看/修改 /tmp 中的数据。 You can fix this by writing the files into a directory that only you have permission to read/write (ie, not /tmp).您可以通过将文件写入只有您有读/写权限的目录（即，不是/tmp）来解决此问题。 While developing, I much prefer to use YAML for serialization, rather than the default (storable), since it is human-readable.在开发过程中，我更喜欢使用 YAML 进行序列化，而不是默认（可存储），因为它是人类可读的。 If you have your own web server, and you're able to run your database (mysql) server on the same machine, then storing the session data in a database instead of a file will usually yield higher performance - especially if you're able to maintain a persistent database connection (ie using mod_perl or fastcgi).如果您有自己的 web 服务器，并且您能够在同一台机器上运行数据库（mysql）服务器，那么将 session 数据存储在数据库而不是文件中通常会产生更高的性能 - 特别是如果您能够维护持久的数据库连接（即使用 mod_perl 或 fastcgi）。 BUT - if your database is on a remote host, and you have to open a new connection each time you need to update session data, then performance may actually be worse, and writing to a file may be better.但是 - 如果您的数据库位于远程主机上，并且每次需要更新 session 数据时都必须打开一个新连接，那么性能实际上可能会更差，而写入文件可能会更好。 Note that you can also use sqlite, which looks like a database to your app, but is really just a file on your local file system.请注意，您也可以使用 sqlite，它在您的应用程序中看起来像一个数据库，但实际上只是本地文件系统上的一个文件。 Regardless of performance, the database option may be undesirable in shared-host environments because of bandwidth limitations, and other resource restrictions.无论性能如何，由于带宽限制和其他资源限制，在共享主机环境中可能不希望使用数据库选项。 The performance difference is also probably negligible for a low-traffic site (ie, a few thousand hits per day).对于低流量站点（即每天几千次点击），性能差异也可能可以忽略不计。