[horde] memcache session tracking

Michael M Slusarz slusarz at horde.org
Thu Oct 16 17:15:57 UTC 2008 

Quoting Andrew Morgan <morgan at orst.edu>:

> On Tue, 14 Oct 2008, Michael M Slusarz wrote:
>
>> Quoting Andrew Morgan <morgan at orst.edu>:
>>
>>> Should I merge the change in v1.24 of SessionHandler/memcache.php as well?
>>
>> It would not hurt.  The main differences is that we do explicitly  
>> do garbage collection right before we provide a list of Session  
>> IDs, and we completely honor the 'track_lifetime' param which  
>> speeds things up considerably.  This second change does mean that  
>> if a user is still logged in after 'track_lifetime', their session  
>> will no longer be counted although this has nothing to do with  
>> their actual session data (since it is updated every time the  
>> session is written).
>
> Hmmm, you are right about this.  I have track_lifetime = 1800 right  
> now. If I leave myself logged in more than 1800 seconds (30 mins),  
> my session disappears from the tracking list, even though I'm still  
> logged in.
>
> It doesn't seem like there is a way to update the tracker on an  
> infrequent basis, and it would be a lot of overhead to update every  
> single time the session is written.

Agreed.  This is simply a limitation of the memcache framework.  We  
could build in another variable to the session that is a timestamp of  
when the user last updated the tracking file and, once timestamp +  
track_lifetime is exceeded, will re-enter the information into the  
tracking file.  But this all seems like a bunch of extra overhead for  
very little gain in terms of increased accuracy.

Server admins just need to understand that session tracking at the  
PHP/Horde level is *not* the best way to count sessions, especially if  
preciseness is required.  A much better way would be to count unique  
auth requests from users at the auth backend within a certain  
timeperiod.  Another solution discussed in the past, if using  
imapproxy, is to count the # of connections to imapproxy since there  
should be 1 per user, and these connections will expire in a  
(configurable) of minutes.

> Since destroy() updates the session tracking, I think I'll just  
> increase track_lifetime to 86400 seconds (1 day).  Does anyone see a  
> problem with that, or have other recommendations?

I would go with something slightly less - maybe on the order of 8-12  
hours instead.  Reasoning: try to count users that leave their session  
open all day while not counting users that leave their computers on  
overnight (especially at work).  Although this is probably more  
relevant to session expiration lifetimes rather than just track  
lifetimes.

michael

-- 
___________________________________
Michael Slusarz [slusarz at horde.org]

More information about the horde mailing list