Can creating multiple sessions affect user performance?

My site creates named sessions for each page to be used in requests and stores unique tokens generated each time the page is accessed and other data.

Example:

$_SESSION['RSD']['page_username_id'] = ...

But if the user opens a new browser tab with this same page, the session is recreated with new data, so it is no longer possible to make requests from the previous page that is still open, because the page token has been changed, and I don’t want this! I would like the user to be free to access the same page in several tabs if they prefer!

I thought of generating a unique name for each session as soon as the page is loaded, but this would create many, many sessions.

So I’d like to know if creating multiple sessions can really affect the user’s performance, or if there’s another solution that gives the same result: something that provides a unique token each time the page is loaded and does not prevent the user from opening other tabs of the same page, so that requests can still be made.

  • Put yourself in the user’s position and see if this is good. I particularly don’t like it, because it takes away the user’s freedom. Unless it’s something strict, he can’t open another tab.

  • @Dvdsamm pardon, I think I expressed myself badly. This is happening, and this is exactly what I want to solve. As in the question, I thought of adding more unique characters at the end of the session name so that this does not happen, but that would accumulate many, many sessions until the user closes the browser. I updated the question to see if it makes sense.

1 answer

When you create a session in PHP, it creates a cookie in the browser that is returned to you in every request. This session data is not sent to the user; he receives a code and forwards it to your server in other requests. In summary: this data is in a physical file on the server and not in your client’s browser.

I’ve worked a lot with sessions in PHP, but had problems when it reached large numbers of simultaneous users. When I checked, I had to do load balancing, and at that time the session got in my way a lot, so I started to study how to control sessions and saw several ways. I found one very interesting and safe that I currently use; if you’re interested, take a look at JWT.

But to answer your question: it can have an impact at a general level if there are many accesses, and it will impact everyone at once, because the bottleneck is on the server. With JWT, you wouldn’t have that kind of problem.

  • One question about the key that is used to confirm the JWT data: always using only one is not good for security, in case someone finds it out. Would it be safe for me to create a password each time the user logs in and store it only in the database?

  • @Viníciusfile the goal of JWT is to be a token that manages itself, i.e. it would not be good to query your database at each request just to see if the token is valid (except in cases where session control is done in the application). You can devise a control of how the key works. For example: every hour you generate a new key, and your token interval is 20 minutes. Then you could check the current key, and in case the time of the token has not expired you do the check using the previous key. So you can rotate the key, and create an algorithm for it to be generated.
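The rotation scheme described in the last comment (a new key every hour, 20-minute tokens, verification against the current key and then the previous one), written out as an added example that is not part of the original thread. Assumptions: HS256 tokens built with PHP's own `hash_hmac`, hourly keys derived from one master secret, and the function names, constants and secret are all constructed for illustration.

```php
<?php
declare(strict_types=1);

const KEY_PERIOD = 3600; // a new signing key every hour
const TOKEN_TTL  = 1200; // tokens are valid for 20 minutes

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $out = base64_decode(strtr($txt, '-_', '+/') . $pad, true);
    return $out === false ? '' : $out;
}
// Assumption: the key for each hour is derived from a master secret kept on the server.
function key_for_period(string $master, int $period): string {
    return hash_hmac('sha256', 'jwt-key:' . $period, $master, true);
}
function issue_token(array $claims, string $master, int $now): string {
    $claims += ['iat' => $now, 'exp' => $now + TOKEN_TTL];
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    $key  = key_for_period($master, intdiv($now, KEY_PERIOD));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
function verify_token(string $jwt, string $master, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm: never let the token choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $current = intdiv($now, KEY_PERIOD);
    $ok = false;
    foreach ([$current, $current - 1] as $period) { // current key, then previous key
        $mac = b64url(hash_hmac('sha256', "$head.$body", key_for_period($master, $period), true));
        $ok = hash_equals($mac, $sig) || $ok;       // constant-time comparison
    }
    $claims = json_decode(b64url_decode($body), true);
    if (!$ok || !is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

// Constructed demo: token issued 5 minutes before an hourly key rollover.
$master = 'constructed-demo-secret';
$t0     = 1700002800 - 300;
$jwt    = issue_token(['sub' => 'user-1'], $master, $t0);
var_dump(verify_token($jwt, $master, $t0 + 600));        // after rollover, within lifetime
var_dump(verify_token($jwt, $master, $t0 + 1300));       // past the 20-minute lifetime
var_dump(verify_token($jwt . 'x', $master, $t0 + 600));  // altered signature
```

Because the token lifetime is shorter than the key period, two keys are always enough: any token signed with an older key has already expired.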
