AWS Official Blog

Scalable Session Handling in PHP Using Amazon DynamoDB

by Jeff Barr | on | in Amazon DynamoDB, Coding Tip | | Comments

Jeremy Lindblom of the AWS Developer Services team put together the following guest post to show PHP developers how to store session data in Amazon DynamoDB.

— Jeff;

The DynamoDB Session Handler is a new feature of the AWS SDK for PHP which allows developers to utilize Amazon DynamoDB the brand new NoSQL database service offered by AWS as a scalable session store.

Typical session handling in PHP is not scalable

Sessions are used to preserve short-term data across multiple HTTP requests, and are used to accomplish common tasks such as storing user logins and shopping cart contents. PHPs native session handler stores session data to the local file system; however, this approach becomes unreliable in distributed web applications. On subsequent requests the user may not be routed to the same server causing the data to be effectively forgotten. The user will be logged out and confused.

To overcome this issue, PHP developers have implemented custom solutions for storing their users session data using databases, shared file systems, Memcache servers, tamper-proof cookies, and other storage mechanisms. PHP provides an interface for writing custom session handlers using the session_set_save_handler() function, allowing the developer to provide custom session-handling implementations while maintaining the native PHP interface.

The DynamoDB Session Handler uses this same technique to facilitate session storage in the cloud with Amazon DynamoDB.

Using the DynamoDB Session Handler is simple

The first step is to instantiate the Amazon DynamoDB client and register the session handler.

require_once 'AWSSDKforPHP/sdk.class.php';

// Instantiate the Amazon DynamoDB client.
// REMEMBER: You need to set 'defaultcacheconfig' in your
$dynamodb = new AmazonDynamoDB();

// Register the DynamoDB Session Handler.
$handler = $dynamodb->registersessionhandler(array(
    'tablename' => 'my-sessions-table'

Before you can use the session handler, you need to create a table to store the sessions in. This can be done through the AWS Console for Amazon DynamoDB, or using the session handler class (which youve already configured with the table name).

// Create a table for session storage with default settings.

Once the session handler is registered with a valid table, you can write to (and read from) the session using the standard $_SESSION superglobal.

// Start the session. This will acquire a lock if session locking is enabled.

// Alter the session data.
$SESSION['username'] = 'jeremy';
$_SESSION['role'] = 'admin';

The DynamoDB Session Handler simplifies session handling by encapsulating and abstracting away the interaction with Amazon DynamoDB, and enabling you to use PHPs native session interface. The session handler also leverages session locking (optional) to prevent race conditions during concurrent requests (e.g., Ajax, iframes).

(NOTE: These examples use default options. To find out more about configuring the session handler, please refer to the _docs/DYNAMODBSESSIONHANDLER.html file distributed with the AWS SDK for PHP.

Amazon DynamoDB provides easy, scalable session storage

Amazon DynamoDB is the ideal candidate for a session storage solution in a share-nothing, distributed architecture.

  • Easy As a fully-hosted, fully-managed solution, there is nothing to install or setup.
  • Fast The service is fundamentally designed for low latency (including the usage of SSDs).
  • Smart You dont need to worry about scalability, replication, redundancy or sharding. Everything happens automatically and seamlessly.

Only pay for the throughput you need

Aside from nominal data storage and data transfer fees, the costs associated with using Amazon DynamoDB are calculated based on provisioned throughput capacity and item size (see the Amazon DynamoDB pricing details). Throughput is measured in units of Read Capacity and Write Capacity. Ultimately, the throughput and costs required for your sessions table is going to be based on your website traffic, but the following is a list of the capacity units required for each session-related operation with the assumption that your sessions are less than 1KB in size:

  • Reading via session_start()

    With locking enabled: 1 unit of Write Capacity + 1 unit of Write Capacity for each time it must retry acquiring the lock

    With locking disabed: 1 unit of Read Capacity (or 0.5 units of Read Capacity if consistent reads are disabled)

  • Writing via session_write_close()

    1 unit of Write Capacity

  • Deleting via session_destroy()

    1 unit of Write Capacity

  • Garbage Collecting via DyanamoDBSessionHandler::garbage_collect()

    0.5 units of Read Capacity per KB of data in the sessions table + 1 unit of Write Capacity per expired item

Session locking is enabled by default in the DynamoDB Session Handler since it tries to emulate the functionality of the native PHP session handler, which is designed to lock the session when it opens it for reading and writing. However, if your users are making concurrent requests via ajax or iframes with locking enabled, the session handler may consume many units of Write Capacity while attempting to acquire the lock. You should carefully evaluate whether or not your application requires the use of session locking at all since it can add extra costs and latencies. You may turn session locking off to make the session handler faster and cheaper. This is done by passing in another configuration setting when you register the session handler.

$handler = $dynamodb -> register_session_handler ( array (
    ‘table_name’       => ‘my-sessions-table’ ,
    ‘session_locking’ => false ,
) ) ;

Give the DynamoDB Session Handler a try

Scalable session handling in PHP is easy with the Amazon DynamoDB. For more information about how to use and configure the DynamoDB Session Handler, please refer to the _docs/DYNAMODBSESSIONHANDLER.html file distributed with the AWS SDK for PHP. If you would like more information about the Amazon DynamoDB service, please visit the Amazon DynamoDB product page.

– Jeremy

Jeremy Lindblom