[nycphp-talk] AJAX and State
Rob Marscher
rmarscher at beaffinitive.com
Fri Sep 7 11:44:47 EDT 2007
On Sep 7, 2007, at 7:01 AM, Elliotte Harold wrote:
> Kenneth Downs wrote:
>> Elliotte Harold wrote:
>>> http://www.google.com/search?q=Ken+Downs&hl=en&start=10&sa=N
>> Did you log into Google?
> Checking the screen it looks like I was logged in
So... how did Google know you were logged in? Look at your cookies
-- there's one from google.com called SID -- Session ID!
Google is using sessions to keep track of whether or not you are
logged in. I see authentication as the primary use for sessions. I
agree that sessions could be considered evil if you try to store too
much in there and rely on them for parts of your application that
could be stored elsewhere. For authentication purposes, I don't see
another alternative, unless what I consider "sessions" is different
from your definition.

In terms of large scaling, you could have a federation of session
servers using a hashing algorithm based on the session id to
determine which sessions are stored on which server and have the rest
of your app communicate with them to determine if the session is
valid and get a user id and authentication credentials. I do agree
that they are difficult to scale because of high read and write
concurrency. I would imagine that all the huge apps use a memory
cache for sessions and optionally write them to disk periodically or
log them in some other way if they need to keep track of stats or
it's critical that no one's session can be lost by a server reboot.
-Rob
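
The post's idea of choosing a session server by hashing the session id, sketched as an added example (not code from the original message). It compares plain hash-modulo placement with rendezvous hashing, a swapped-in technique the post does not name, by counting how many sessions change servers when one server leaves the pool. The server names, function names and session ids are constructed for illustration.

```php
<?php
// Added example, not from the original post. All names are hypothetical.

// Naive placement: hash the session id, take it modulo the pool size.
function pickByModulo(string $sessionId, array $servers): string
{
    // 7 hex digits = 28 bits, so hexdec() always returns a non-negative int.
    return $servers[hexdec(substr(sha1($sessionId), 0, 7)) % count($servers)];
}

// Rendezvous hashing: score every server against the id, highest score wins.
function pickByRendezvous(string $sessionId, array $servers): string
{
    $best = null;
    $bestScore = '';
    foreach ($servers as $server) {
        // Fixed-length lowercase hex, so string comparison orders the scores.
        $score = hash('sha256', $server . "\0" . $sessionId);
        if ($best === null || strcmp($score, $bestScore) > 0) {
            $best = $server;
            $bestScore = $score;
        }
    }
    if ($best === null) {
        throw new InvalidArgumentException('no session servers configured');
    }
    return $best;
}

// Count how many ids land on a different server after the pool changes.
function countMoved(callable $pick, array $ids, array $before, array $after): int
{
    $moved = 0;
    foreach ($ids as $id) {
        if ($pick($id, $before) !== $pick($id, $after)) {
            $moved++;
        }
    }
    return $moved;
}

$pool    = ['sess-a.example', 'sess-b.example', 'sess-c.example']; // constructed
$reduced = ['sess-a.example', 'sess-c.example'];                   // sess-b removed

$ids = [];
for ($i = 0; $i < 3000; $i++) {
    $ids[] = bin2hex(random_bytes(16)); // constructed 128-bit session ids
}

printf("modulo:     %d of %d sessions moved\n", countMoved('pickByModulo', $ids, $pool, $reduced), count($ids));
printf("rendezvous: %d of %d sessions moved\n", countMoved('pickByRendezvous', $ids, $pool, $reduced), count($ids));
```

With modulo placement roughly two thirds of the sessions map to a different server after the change, so those lookups miss and the users appear logged out; with rendezvous hashing only the sessions that lived on the removed server move.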