Accessing Session variable and performance

Question

I have a web application inside where i need to check whether the user has sufficient permissions / roles/rights to access the page. I had set the users rights in a table with USER_ID , ROLE_ID . and when a user is logging in to the application, I will be reading the records for this user and the construct a string and assign to a session variable. When the logged in user access each page, I will read the value from session variable and then parse the string and then check whether this user has sufficient rights assigned to it.

Now I afraid whether accessing the session variable in every pages load would affect the performance. Is there any alternative way to solve this?

Answer 1

You should see a net gain in performance.

It will take some resource to load the session, but that will usually be much less than the resources required to retrieve a record from the database, which can involve creating a connection, authenticating, parsing the query, retrieving a record and sending it over a network. Compared to that, taking a session file off the hard drive is much quicker.

It does sound like you're trying to optimize prematurely. You should wait a while then monitor to see where your bottlenecks really are.

Answer 2

no, it won't affect the performance of your site in a noticable way (unless you have hundreds of users per second).

but i noticed something:

(...) I will be reading the records for this user and the construct a string and assign to a session variable. When the logged in user access each page, I will read the value from session variable and then parse the string (...)

a-ha! see, sessions are nothing but strings that are encoded and parsed on session_start() (normally, serialize() and unserialize() are used for this). you don't need to manually encode the data you're going to store in the session, it's done for you (and definitley faster than any custom method, because these features are implemented in the core).

Answer 3

If you use the native session handler of PHP the session data probably will be retrieved on every request the session is used, regardless of whether you access the session data or not. And as the default session handler uses files to store the data in, it will cause to read the file on every request too.

If you want to optimize this, you could use some kind of cache where you store the sessions in. Maybe a memory cache like APC or Memcache (see also this comment to the session_set_save_handler function ).

Answer 4

Adding to what Greg said above.

There are 2 types of sessions in php. Sessions stored in a database and sessions stored in a file (usually in /tmp/session_something);

Database option has overhead in creating a socket and sending/retrieving the data. It has advantages such as a session being able to be persitant across multiple servers/machines.

The second option of the session info being stored into a file is probably the best for performance because a OS like Linux can cache/buffer read writes to a file in memory.

So short answer is, dont even worry about it the overhead is nothing, not to flame bait, but if you really cared about performance you wouldn't use PHP.