Is it worth the trouble to handle sessions with a DB?

sneakyimp

Some time ago I wrote myself a session-handling class that used a database to handle sessions because I was told that the temporary files created by PHP's default session handling method can be a real performance bottleneck.

It occurred to me recently that my database field for session data (a text field in my case) probably ends up in a file anyway. I'm not exactly sure how MySQL handles text fields but I seem to recall it involved creating a separate file for each record on disk or something. Does anyone know more about this?

And lastly, is using a MySQL database going to mean better performance than the default file-based PHP session handling?

NogDog

I would be somewhat surprised if there were a significant (i.e.: really noticeable in a realistic web environment) performance difference. If the database was only being used for session data and therefore there would be no connection overhead without it, then perhaps there would be a difference worth considering.

Ultimately, I think the main advantage of a database-based session store would be the security aspect (data in a more controlled location harder for nosy people to look at, especially on a shared host). Also, if session data is intended to persist for a significant time, your database backup mechanism would take care of backing up that data, as well.

sneakyimp

Hm. I'm wondering how one might engineer a test for this.