I'm running a PHP application on Heroku and handling sessions using Memcachier add-on.
What Works:
- Memcachier successfully keeps users logged in through new deployments to Heroku.
What Doesn't Work
- Users will get logged out randomly throughout their time in the web application.
How do I get the user sessions to stay logged in (until the user logs out - or some other automatic login policy we put in place)?
Memcache is not recommended for storing sessions as it is a cache and not a persistant cache. What this means is that any key/value pair can get pushed out by new pairs if the cache is full. To get session persistance either switch to a different memcache server (with persistance) or store you sessions differently (eg: in a database)
Related
I'm using Laravel 5.1.34 with sessions stored using the file driver and I'm experiencing some weird behaviours on my production server:
Quite randomly the logged user session expires and the user gets kicked out, even after a few seconds of activities.
It happens for instance with the admin user.
Could it be that using the same credentials from different browsers might invalidate the session for the latest user who logs in?
I've tried to find something about it on the internet but with no luck.
I am running two linux instances behind an ELB. My app has facebook login as a way of signing up. On the live environment, the user signs up from one instance, session is created for that but the redirection happens on the second instance a lot of times resulting in null session from facebook as that session is there on the first instance.
Help me fix this. This is very crucial to our product.
Arguably, the most correct answer is that you should not design web applications without a proper session database that is accessible to all of the web application servers.
However, ELB provides a workaround for this oversight, known as "sticky sessions" (or "session affinity").
By default, a load balancer routes each request independently to the application instance with the smallest load. However, you can use the sticky session feature (also known as session affinity) which enables the load balancer to bind a user's session to a specific application instance.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_StickySessions.html
Of course, if an application server fails, or is taken offline for maintenance, your user still has an invalid session... but for the most part, this feature should accomplish what you want.
My app is using Facebook login, it works perfectly fine with 1 dyno. But when I increase the number of dyno, the app often forget that I have already logged in. I suspect that the dynos doesn't recognize my session from other dynos.
You need to use some sort of shared session storage like memcached or DB sessions storage. The default disk storage does not scale to multiple dynos.
I'm writing a JQM web app with a PHP web service. Users will be able to sign-in and register that they've made a purchase of, for instance, a soda from the club. This info will be stored in a database and eventually billed.
To illustrate what I want to do: I have already implemented this as an Android app. My "session handling" in the Android app consists of simply storing the user's credentials in Android's savedPeferences (persistent local storage) upon succesful authentication with the server. These credentials are then resent with every subsequent server request so that users only ever have to sign-in once - upon running the app for the first time.
I want to mimic this behavior in my JQM app as closely as possible. Ideally, the user should only ever have to sign in once unless they choose log out.
I'm a bit rusty when it comes to website programming, so what would be the best approach? Non-expiring cookings? Do I use a PHP session or handle everything in javascript?
This is for a hobby project; I prefer a simple solution over something overly secure and complex. Thanks!
Edit: After reading Mike's answer I stumbled across this plugin: https://github.com/carhartl/jquery-cookie
Perhaps this is the easiest way to keep users logged in..?
PHP sessions are going to be invalidated after a set amount of time (depending on your php.ini settings or any runtime modificatoins to the settings).
You can use long-time expiring cookies to persist a login (typically user is given checkbox at login to allow their login credential to be stored).
Since you are developing for a mobile device, you do also have the alternative of using HTML5 local storage since most every Android browser out there supports it. See more info at the link below.
HTML5 Local storage info
I prefer this as the login hash could be persisted even if the user clears their browser cookies and it can be handled strictly within Javascript.
On a Linux-hosted sever, I have the same web app installed on two user's accounts (http://host.com/~linux_user)
As you might guess, I have problems because sessions are shared between user accounts.
From now on, I'll store them as a session array ($_SESSION['linux_user']['my_data']).
Is this a good approach?
You can also get rid of the problem with using a custom session handler, which handles session storage as you want it to : database, memcache...
More info here : http://php.net/manual/en/function.session-set-save-handler.php
"From now on, I'll store as session array $_SESSION['linux_user']['my_data']. Is this a good approach?"
No, as those session variables will only be available in one user account. What you need is a single-sign-on technology, like if you want to stay logged in over multiple domains. For example you may use OpenID.
Or you store the PHP-session at an explicit location (within the filesystem or in a database).
But why/how do you have the PHP-app installed into two different user accounts? If I set up an Apache web-server, it runs as a separate user…