Crazy Horse
asked on
Should you store your session in the database?
I am creating a session when a user logs in using express-session. I have however heard that the session should be stored in a database instead of in memory by means of something like connect-mongodb-session.
Is this accurate?
Is this accurate?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That's an interesting question I don't immediately have the answer to. My application has 400,000+ session records at 100 MB total storage space after only a few months of non-production use.
Maybe another expert can weigh in on that?
Maybe another expert can weigh in on that?
Whether you store data in memory or disk really depend on number on database instances.
If you're running 3x database instances using DNS round robin, where a person must login + then may interact with any one of 3x databases during life of his session, then you'll keep session data in the database + this will tend to slow down page transitions (moving from page to page).
If you're only running 1x database instance, keep session data in memory for best speed.
Read through the WordPress docs about how WordPress handles this. WordPress core is tooled to work with session storage in either memory or database.
If you're running 3x database instances using DNS round robin, where a person must login + then may interact with any one of 3x databases during life of his session, then you'll keep session data in the database + this will tend to slow down page transitions (moving from page to page).
If you're only running 1x database instance, keep session data in memory for best speed.
Read through the WordPress docs about how WordPress handles this. WordPress core is tooled to work with session storage in either memory or database.
ASKER
So, when I hit the home page I see the session saved into the database and when I log in I see that my user object is saved into the session. When I log out the user data is removed and that session destroyed but a new random session is stored in the database. Over time won't these random sessions saved to the database build up and max out the database storage?