Memcache and sessions

[spiros]

Testing with both Memcache and Memcached I could get SMF to see the former, but not the latter, so my guess here is that SMF supports only Memcache. Is this correct?

Does it support storing sessions? If that is correct, how do I set it up? Is it on php.ini like this:

Code Select Expand

session.save_handler = memcache
session.save_path = "tcp://localhost:11211"
https://www.php.net/manual/en/memcached.sessions.php

[Arantor]

Correct, there are two different connectors to memcache, one with a d, one without, 2.0 only supports the older one.

SMF's configuration for sessions is either to use the database or use whatever PHP.ini sets, so if you configure sessions in php.ini and then turn off DB sessions in SMF that should do it.

[spiros]

I did it. And unchecked "Use database driven sessions".
But now I cannot log out (or log in in a different browser).

Code Select Expand

AN ERROR HAS OCCURRED!
Session verification failed. Please try logging out and back in again, and then try again.

Reverting to old settings in php.ini recovered log in.

[Arantor]

Hmm, weird, because that should be all you need to do. But it's been a while since I did this.

[drewactual]

MemcacheD  works fine for me and sessions... however you're configured wrong.. simply the IP and the port... self would read:

sessions_save_path = "127.0.0.1:11211"

You can check out the php docs, but I'm almost certain this is the case... one uses http:// leading into the path, and one doesn't.

While using memcached I also use database driven sessions, or, at least irs checked. 

[Arantor]

I couldn't remember for sure; it looked right because if you're using Redis, you do use it with a tcp:// path and I couldn't remember how memcache did it because I moved on from memcache some time ago.

But it wouldn't surprise me if you did it that way rather than with tcp:// or similar.

[drewactual]

I'm sorry I said http when I meant tcp... but I checked it and with memcacheD you simply use IP and Port... this was something that stopped me cold for a while, but since that little discovery its been smooth (knock on wood)  :-)

[drewactual]

not on phone now... can type proper response:

memcache DOES use the tcp connection... memcacheD does NOT.  in your httpd.conf, htaccess, or php.ini set:

Code Select Expand


php_value session.gc_maxlifetime = 96000
php_value session.save_path = "127.0.0.1:11211"
php_value session.save_handler = "memcached"
php_value session.cookie_lifetime = "96000"
php_value session.cookie_secure = "1"
php_value session.entropy_file = "/dev/urandom"
php_value session.entropy_length = "32"
php_value session.hash_function = "0"
php_value session.name = "yoursessioncookiename"
php_flag session.use_cookies = On
php_flag session.use_only_cookies = On
php_flag session.use_strict_mode = On
php_flag session.use_trans_sid = Off


^that's all the code related to sessions.


for SMF i have a separate cookie name, and i have database sessions enabled... 

IF IF IF i was using memachE, it would be:

Code Select Expand



php_value session.gc_maxlifetime = 96000
php_value session.save_path = "tcp://127.0.0.1:11211"
php_value session.save_handler = "memcache"
php_value session.cookie_lifetime = "96000"
php_value session.cookie_secure = "1"
php_value session.entropy_file = "/dev/urandom"
php_value session.entropy_length = "32"
php_value session.hash_function = "0"
php_value session.name = "yoursessioncookiename"
php_flag session.use_cookies = On
php_flag session.use_only_cookies = On
php_flag session.use_strict_mode = On
php_flag session.use_trans_sid = Off

[drewactual]

oh... and make certain memcache(d) is running... it doesn't hurt anything to fire it off..

Code Select Expand

memcached -d -m 512 -l 127.0.0.1 -p 11211 -u nobody


now i can't remember this next bit but i know it's important.. Arantor will know it off the top of his head... but...

MPMWorker running FPM uses 'nobody'... I 'think' a prefork type configuration, or a fastcgi, uses 'user'... i don't know how your server is configured, but if i recall correctly that is important to assign the session to the proper user (either 'user' or 'nobody'), and i KNOW it's tricky with files, else php will send some users off to encounter a 403 instead of whatever page their seeking.

[spiros]

Let me summarize this, to see if I got it right. I use SMF 2, hence it is only MemcachE I can use. In that case, I need to:

1. check on SMF "Use database driven sessions". (this was already so, before MemcachE)
2. Use these settings in httpd.conf, htaccess, or php.ini (does it make a difference which one? Would setting a cookie in php.ini affect other sites? The server has other sites too)

Code Select Expand

php_value session.gc_maxlifetime = 96000
php_value session.save_path = "tcp://127.0.0.1:11211"
php_value session.save_handler = "memcache"
php_value session.cookie_lifetime = "96000"
php_value session.cookie_secure = "1"
php_value session.entropy_file = "/dev/urandom"
php_value session.entropy_length = "32"
php_value session.hash_function = "0"
php_value session.name = "yoursessioncookiename"
php_flag session.use_cookies = On
php_flag session.use_only_cookies = On
php_flag session.use_strict_mode = On
php_flag session.use_trans_sid = Off

Do I need to use a different cookie name (both on SMF and php.ini?) that the one I have set now on SMF?

[spiros]

Also, I see no quotes in this value:

Code Select Expand

php_value session.gc_maxlifetime = 96000

But quotes in this one:

Code Select Expand

php_value session.cookie_lifetime = "96000"

Is this deliberate? Does it make a difference?

[drewactual]

i also run (primarily) 2.0.x.... i use memcacheD with no problems for sessions.  i use the specific code provided in my httpd.conf file...

IF you are using a server with multiple sites AND while using httpd.conf, you'll have to add that code to the virtualhost applicable to that IP address and port.. example:

Code Select Expand


<VirtualHost 127.0.0.1:443>
   php_value session.gc_maxlifetime = 96000
   php_value session.save_path = "127.0.0.1:11211"
   php_value session.save_handler = "memcached"
   php_value session.cookie_lifetime = "96000"
   php_value session.cookie_secure = "1"
   php_value session.entropy_file = "/dev/urandom"
   php_value session.entropy_length = "32"
   php_value session.hash_function = "0"
   php_value session.name = "yoursessioncookiename"
   php_flag session.use_cookies = On
   php_flag session.use_only_cookies = On
   php_flag session.use_strict_mode = On
   php_flag session.use_trans_sid = Off
</VirtualHost>


IF you're using a shared IP address, you'd want:

Code Select Expand


<IfModule php7_module>
<Directory "/home/cccccccc/Public"> <-or absolute to your directory
php_value session.gc_maxlifetime = 96000
php_value session.save_path = "127.0.0.1:11211"
php_value session.save_handler = "memcached"
php_value session.cookie_lifetime = "96000"
php_value session.cookie_secure = "1"
php_value session.entropy_file = "/dev/urandom"
php_value session.entropy_length = "32"
php_value session.hash_function = "0"
php_value session.name = "yoursessionname"
php_flag session.use_cookies = On
php_flag session.use_only_cookies = On
php_flag session.use_strict_mode = On
php_flag session.use_trans_sid = Off
</Directory>
</IfModule>


THAT^ is if you use this in your httpd.conf.... but let's just be simple? add it to your htaccess.... make sure and put it in a php directive... example:

Code Select Expand


<IfModule php7_module>
php_value session.gc_maxlifetime = 96000
php_value session.save_path = "127.0.0.1:11211"
php_value session.save_handler = "memcached"
php_value session.cookie_lifetime = "96000"
php_value session.cookie_secure = "1"
php_value session.entropy_file = "/dev/urandom"
php_value session.entropy_length = "32"
php_value session.hash_function = "0"
php_value session.name = "yourseesionname"
php_flag session.use_cookies = On
php_flag session.use_only_cookies = On
php_flag session.use_strict_mode = On
php_flag session.use_trans_sid = Off
</IfModule>


as far as 'quoted' directives, i don't know why they are like this... you can use boolean in most of these, which is either On, or 1, OR, Off or 0.. I mixed them when for simplicity i should not have.

it's my understanding that directives that are either explicitly boolean (on or off) OR expect ONLY a number don't have to be in quotes, where directives that can possibly have expressions more than just on or off, and more than just a number can be interjected HAVE to be in quotes... i could easily be wrong about this, but the precise code provided is how i'm set up...   

about sessions names: PHP will begin a session as soon as a user touches your site.. that session/cookie is independent of SMF..... IF they log into SMF they will have another cookie added to this, which is the one you set in the SMF backside.  as a for instance, if you click the little lock (if using chrome) on this site you'll be able to list the cookies in use.. you'll see the one following you around as a SMF user, AND you'll see the one php assigns to keep up with what you've done/seen and not.... there are at least two... you'll want them to have different names... you'll also def want sessions.use_trans_sid set to OFF (so it doesn't show the hash in the URL).

that's pretty much all there is to it...

well.... we can get complicated too:

IF you have a device that relies on flat sessions files elsewhere, you can change it in that directory by using user.ini or a lower htaccess... for instance, one of my sites has SMF up front and WP behind it- in a sub-directory... a shopping cart software i use in the WP relies on flat files for sessions, and dynamic (memcache(d)) isn't an option... .so... in user.ini or htaccess for that directory only, i change the php directive to use flat files again.... in only that directory... it works 'very' well. 

[spiros]

Correct, there are two different connectors to memcache, one with a d, one without, 2.0 only supports the older one.

i also run (primarily) 2.0.x.... i use memcacheD with no problems for sessions.  i use the specific code provided in my httpd.conf file...

I understand Memcache is the older version? In my server Memcached was not recognized by SMF, Memcache was.

[Arantor]

There's a lot of confusion here.

There are two *connectors* to memcache - SMF 2.0 recognises the older one for the purposes of caching only. SMF 2.1 recognises both for caching. Neither SMF 2.0 or 2.1 consciously offload sessions to anything; the DB sessions simply says 'use the database or let PHP do whatever PHP is configured to do'. The idea being that if you use memcache for sessions you set this up in php.ini and turn off DB sessions so it all gets handled by PHP.

To be more helpfully confusing, memcache in all flavours has a process called memcached which is the daemon for it.

[drewactual]

mine is running memcached... for sessions.. memcache for cache... SMF doesn't recognize memcacheD- true- for caching.. the SERVER recognized memcacheD, and that is all you need for sessions handling, which is done outside of SMF.  SMF requests or sends the information- either to flat files or to dynamic.. it doesn't care where it goes or how it's handled so long as it's there when it asks- which it is. 

i don't have my head all the way around using 'database driven sessions', but memcacheD works fine with it either checked or not. 

again, and i don't want to sound like a broken record- but make sure it's 'on' and functioning. 

[drewactual]

i am curious as to how Spiros loaded memcached... i had to jump through hoops to get it running on apache2.4 and php7+...

[Arantor]

And this is why I switched to Redis, none of this drama.

[drewactual]

and from what i understand redis is superior... i'd like to know how if you find the time at some point... i always appreciate your knowledge, Arantor.

[spiros]

And this is why I switched to Redis, none of this drama.

Did you use this mod? As far as I know SMF 2 does not support it. https://custom.simplemachines.org/mods/index.php?mod=4119

There are two *connectors* to memcache - SMF 2.0 recognises the older one for the purposes of caching only. SMF 2.1 recognises both for caching. Neither SMF 2.0 or 2.1 consciously offload sessions to anything

I was referring to SMF > Administration Center > Server Settings > Caching displaying "SMF has detected that your server has Memcached installed.", I take this to mean that Memcache(d) is doing something there, even if sessions are not set up. Please correct me if I am wrong.

[drewactual]

it has recognized memcache is available... but don't conflate that with sessions... two different jobs being done by 'somewhat' the same 'critter'.

i hung the php_memcache file... there are three more plus configuration for them to get memcacheD working as a sessions handler... now there may be a package NOW in the RPM library, but there wasn't when i implemented it a couple years ago (when i jumped to apache2.4 and php7). 

i feel it is worth it... it takes quite a load off the server and HDD having to write constantly- which also means speed... i hear redis is even faster and not by a small margin.