PHP Sessions with Memcached

Have you ever thought or came across a requirement to store PHP sessions in Memcached? In-memory storage provided by Memcached makes it ideal candidate for PHP session storage. Please read on to find out how to configure PHP for using Memcached as session storage.

We came across a requirement for common session storage for our application deployed on AWS. A common scenario in AWS deployment has traffic routed to multiple EC2 instances via Application Load Balancer (ALB). Generally we would use “Stickiness” feature provided by Target Groups. It works fine if you have single domain. User is always routed to same server where their session data is stored. But our application has 3 domains which use common login. With multiple domains and routing rules, ALB can’t keep routing user to same EC2 instance. So user will not land on same server every time and would be logged out if landed on different server. With dependency on EC2 instance we can’t scale our application.

So we needed a common session storage, independent of EC2 instances. We decided to leverage Elasticache service for that. We created Memcached cluster to store sessions and configured PHP to use it as session storage. We expected this to be straight forward exercise as we had used Memcached before for caching dynamic data previously. We changed following PHP configurations.

/etc/php-7.0.ini
session.save_path = "xxxxxx.ksoqsc.cfg.usw1.cache.amazonaws.com:11211"
Use your Memcached cluster endpoint here.

session.save_handler = memcached

/etc/httpd/conf.d/php.conf
We found that the settings we changed in php-7.0.ini are overwritten by settings in php.conf. So we commented out session save path and handler overrides as below.

#php_value session.save_handler "files"
#php_value session.save_path    "/var/lib/php/7.0/session"

However, there are always some surprises. After moving sessions to Memcached, it started affecting our website speed. Some pages which use sessions became very slow. After some research on internet, we found that couple of PHP settings needs to be tweaked to solve this problem.

/etc/php-7.0.ini
session.lazy_write = Off
When set to On, it means that session data is only rewritten if it changes.

/etc/php.d/50-memcached.ini
memcached.sess_locking = Off

When locking is On, session file is locked for read/write during script execution. Lock is released when script execution ends.

After turning Off both lazy_write and sess_locking, our website was back to normal speed. As mentioned above, these settings are there for good reasons. But turning them off didn’t cause any adverse effect to our website. It should be okay to turn them off for most websites. However, you should use your own judgement while changing them based on nature of your website and traffic you get.