Is there a way or module that allows to limit the number of concurrent active connections per user (defined based on the Cookie PHPSESSID header) with Apache httpd on the apache level.
I can't do this on the PHP level, since php sessions are locked, so there are actually no concurrently executed page requests - one is executed, all others are waiting until the active session closes.
If there are more then the defined limit number of active requests I'm fine with rejecting any further requests - until the number of concurrent active requests goes below the limit per user.
If there is a way to exclude page requests with certain request URL patterns (eg. jpg, css, js) from this limit that would be ok with me.
The issue we are running into is that sometimes randomly single user's browsers open hundreds of connections that show up as "W" status in the apache status, but did not send a single byte to the browser, I assume thats because of the PHP session locking while the first request is slow or stuck.