php – Symfony2, Configure pdo session storage in database

Posted by: admin July 12, 2020

Questions:

For my Symfony2 project, I’m using session storage in a database.

So, I configured my config.yml like this:

framework:
    session:
        handler_id:     session.handler.pdo

parameters:
    pdo.db_options:
        db_table:    session
        db_id_col:   session_id
        db_data_col: session_value
        db_time_col: session_time

services:
    pdo:
        class: PDO
        arguments:
            - "pgsql:host=%database_host%;dbname=%database_name%"
            - "%database_user%"
            - "%database_password%"
        calls:
            - [setAttribute, [3, 2]] # PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION

    session.handler.pdo:
        class:     Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
        arguments: ["@pdo", "%pdo.db_options%"]

All is OK: when I log in, an entry is created in my database and the sessions work fine.

But how can I define the lifetime of my session when it’s in the database? Why do I have a lot of lines (+50) in my session table, if I only have 4 members on my application?

How can I configure that? I just need one session when a member logs in.

How to & Answers:

You can reduce the number of rows in your session table by running the session garbage collector more frequently.

http://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability

In your php.ini file

session.gc_probability=1

session.gc_divisor=1

session.gc_maxlifetime=36000

These settings will run the garbage collector with 100% probability, which is not recommended for production but you should be able to verify it works and tweak the settings as needed.

Answer:

I think the number of rows is not dictated by session lifetime, at least not entirely.

The major reason for so many rows is protection from session hijacking. So, if you close the browser and come back to your website, the session is not just taken for granted but regenerated instead.

Are you using FOSUserBundle for authentication? I know for sure that it supports configuration of session hijacking protection…

EDIT:

chrsva mentioned it here:
How does Symfony2 session fixation work?
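
Added example, not part of the question or either answer: a PHP script showing why the session table holds far more rows than members, and what one garbage-collection pass with the first answer's gc_maxlifetime removes. It assumes in-memory SQLite in place of PostgreSQL, constructed member names and timestamps, and that every return visit starts under a new session id; the DELETE is an illustration, not Symfony's PdoSessionHandler code.

```php
<?php
// Added example with constructed data; not Symfony's PdoSessionHandler code.
// Table/column names come from the question's pdo.db_options. SQLite in-memory
// stands in for PostgreSQL so the script runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE session (
    session_id    VARCHAR(255) PRIMARY KEY,
    session_value TEXT NOT NULL,
    session_time  INTEGER NOT NULL
)');

// What a GC pass amounts to: drop rows last written more than $maxLifetime seconds ago.
function collectGarbage(PDO $pdo, int $maxLifetime, int $now): int
{
    $stmt = $pdo->prepare('DELETE FROM session WHERE session_time < :cutoff');
    $stmt->execute([':cutoff' => $now - $maxLifetime]);
    return $stmt->rowCount();
}

function countRows(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM session')->fetchColumn();
}

// Assumption: 4 members each return every 6 hours over about 3 days, and every
// return starts under a fresh session id (browser restart or id regeneration at
// login), leaving the previous row in place.
$now    = 1594512000;                 // constructed "current" Unix time
$insert = $pdo->prepare('INSERT INTO session VALUES (:id, :value, :time)');
foreach (['alice', 'bob', 'carol', 'dave'] as $member) {
    for ($visit = 0; $visit < 13; $visit++) {
        $insert->execute([
            ':id'    => hash('sha256', "$member-$visit"),   // constructed id
            ':value' => '',
            ':time'  => $now - $visit * 6 * 3600,
        ]);
    }
}

$before  = countRows($pdo);                    // stale rows are all still present
$deleted = collectGarbage($pdo, 36000, $now);  // gc_maxlifetime from the first answer
$after   = countRows($pdo);                    // only rows written within the lifetime remain

printf("rows before GC: %d\ndeleted: %d\nrows after GC: %d\n", $before, $deleted, $after);
```

Rows left behind by old session ids stay in the table until a GC pass runs, so the row count tracks visits since the last collection rather than the number of members.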