
Store sessions in same or separate database from app?

Is it a bad idea to store users' sessions in the same DB as my app? I'm avoiding having to pay for a second DB at MongoHQ.

Database separation for session handling of anything except really high traffic (definitely more than 100-200 unique visitors :S, try more like 1 million - 2 million every hour) sites could be counted as micro-optimisation. This is mainly due to the work needed to implement separate connection handling, especially in PHP.

Not only that but the PHP driver holds a connection per database (per credentials) which means you are opening more connections, and since connections take a long time to instantiate, it is considered unperformant to open a new connection like this just for sessions normally.

As @Derick mentioned rightly so, connections are actually made once per process. This means that in a fcgi setup of sorts the process of making connections is not too much of a problem.

Even though this is not much of a problem, it still seems a loss of resources for something that isn't needed.

So no, I would not recommend separation of session handling into a different database and I would actually consider it unperformant and micro-optimisation.

That doesn't have to be a bad idea. I'm doing the same most of the time if not only to make sure that you have all the necessary stuff in one database.

The idea is not bad as long as you do not have a very big number of sessions. For example, if you have 100-200 unique visitors in a day.

If your site becomes popular, maybe it's a good idea to use Redis, an open source, BSD licensed, advanced key-value store.

I don't think so. If I'm not wrong, WordPress and Joomla might be saving the password in the same database too, but in different tables. I'm not sure though; I looked at the code once, so it might need some more validation. But you enter a database name once, so it seems obvious that the login details are also in the same database. And some other code which I can't recall now did the same thing (an administration application for schools; I forgot the name of it). All open source code.

So you can do it; just make sure that your database is as secured as possible and don't save the password in plain text. Do make sure that you use unique salts for everyone just to make it a little harder to access accounts. But I am sure you know that.

But my conclusion is you can, I learn from others and have seen others who are more advanced do it. (open source code)

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.