Sessions are handled by the Symfony2 framework, specifically API and und= erlying session handlers provided by HTTP Foundation component. T= his is further enhanced in eZ Platform with support for siteaccess-awa= re session cookie configuration.
Use of Memcached (or experimentally using PDO) as session handler is= a requirement in Cluster setup, for details see below. For an overview of = clustering feature see Clustering= .
Symfony offers the possibility to change many session options at applica=
tion level (i.e. in Symfony framework configuration), such as:
cookie_domaincookie_pathcookie_lifetimecookie_securecookie_httponlyHowever as eZ Platform can be used for setting up several web sites with= in on Symfony application, session configuration is also possible to define= per siteaccess and SiteGroup level.
All site-related session configuration can be defined per siteaccess and= SiteGroup:
ezpublish:
system:
my_siteaccess:
session:
# By default Session name is eZSESSID{siteaccess_hash}
# with setting below you'll get eZSESSID{name},
# allowing you to share sessions across SiteAccess
name: my_session_name
# These are optional.
# If not defined they will fallback to Symfony framework co=
nfiguration,
# which itself fallback to default php.ini settings
cookie_domain: mydomain.com
cookie_path: /foo
cookie_lifetime: 86400
cookie_secure: false
cookie_httponly: true=20
In 5.x versions prior to 5.3 / 2014.03 the following siteaccess aware se= ssion setting where available:
ezpublish:
system:
my_siteaccess:
# By default Session name is eZSESSID{siteaccess_hash}
# with setting below you'll get eZSESSID{name},
# allowing you to share sessions across SiteAccess
# This setting is deprecated as of 5.3
session_name: my_session_name=20
In Symfony, a session handler is configured using framework.sessio=
n.handler_id. Symfony can be configured to use custo=
m handlers, or just fallback to what is configured in PHP by setting=
it to null (~).
eZ Platform uses the same default configuration as recent versions of Sy= mfony standard distribution. This makes sure you can configure sessions pur= ely in PHP by default, and allows Debian/Ubuntu session file cleanup cronjo= b to work as intended.
framework:
session:
# handler_id set to null will use default session handler from php.=
ini
handler_id: ~=20
For single server, default handler should be preferred.
For Cluster setup we need = to configure Sessions to use a backend that is shared between web servers a= nd supports locking. Only options out of the box supporting this in Symfony= are the native PHP memcached session save handler provided by the php-memc= ached extension, and Symfony session handler for PDO (database)= .
For setting up eZ Platform using memcached you'll need to configure the = session save handler settings in php.ini as documented here, optionally tweak php-mem= cached session settings.
EXPERIMENTAL
For setting up eZ Platform using Redis pecl package you= 'll need to configure the session save handler settings in php.ini as docum= ented here.
While not currently our recommendation from performance perspective, for=
setups where Database is preferred for storing Sessions, you may use Symfo=
ny's PdoSessionHandler.
Below is an configuration example for eZ Platfor=
m, but please refer to documented in Symfony Cookbook documentation for full documen=
tation.
framework:
session:
# ...
handler_id: session.handler.pdo
parameters:
pdo.db_options:
db_table: session
db_id_col: session_id
db_data_col: session_value
db_time_col: session_time
services:
pdo:
class: PDO
arguments:
dsn: "mysql:dbname=3D<mysql_database>"
user: <mysql_user>
password: <mysql_password>
session.handler.pdo:
class: Symfony\Component\HttpFoundation\Session\Storage\Handler=
\PdoSessionHandler
arguments: ["@pdo", "%pdo.db_options%"]=20
session.handler.pdo service