Is there currently – or has there ever been – any serious or significant problem with PHP’s built-in session handling?
I mean, it’s always worked for me and my projects.
But I see some codebases and frameworks out there seem to use a custom handler. Is this reinventing the wheel? Or improving on some flaws? What flaws?
No problems with the built-in handlers. Access and deletion of old session files are implemented well.
File-based session handling works fine for single-server websites. Problems may arise when applications need to be run on multiple servers (scaled out). A master database can be used to store and provide session information across multiple servers. This can make things easier when an application is scaled out. Custom session handlers can be used to interact with the database.