Symfony 4 was released on November 30th.
Update now to the best Symfony ever!

You are browsing the Symfony 4 documentation, which changes significantly from Symfony 3.x. If your app doesn't use Symfony 4 yet, browse the Symfony 3.4 documentation.

How to Use PdoSessionHandler to Store Sessions in the Database

How to Use PdoSessionHandler to Store Sessions in the Database

The default Symfony session storage writes the session information to files. Most medium to large websites use a database to store the session values instead of files, because databases are easier to use and scale in a multiple web server environment.

Symfony has a built-in solution for database session storage called PdoSessionHandler. To use it, first register a new handler service:

  • YAML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    # config/services.yaml
    services:
        # ...
    
        Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
            arguments:
                - 'mysql:dbname=mydatabase'
                - { db_username: myuser, db_password: mypassword }
    
                # If you're using Doctrine & want to re-use that connection, then:
                # comment-out the above 2 lines and uncomment the line below
                # - !service { class: PDO, factory: 'database_connection:getWrappedConnection' }
    
  • XML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    <!-- config/services.xml -->
    <?xml version="1.0" encoding="UTF-8" ?>
    <container xmlns="http://symfony.com/schema/dic/services"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:framework="http://symfony.com/schema/dic/symfony"
        xsi:schemaLocation="http://symfony.com/schema/dic/services
            http://symfony.com/schema/dic/services/services-1.0.xsd
            http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
    
        <services>
            <service id="Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler" public="false">
                <argument>mysql:dbname=mydatabase</argument>
                <argument type="collection">
                    <argument key="db_username">myuser</argument>
                    <argument key="db_password">mypassword</argument>
                </argument>
            </service>
        </services>
    </container>
    
  • PHP
    1
    2
    3
    4
    5
    6
    7
    8
    9
    // config/services.php
    use Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler;
    
    $storageDefinition = $container->autowire(PdoSessionHandler::class)
        ->setArguments(array(
            'mysql:dbname=mydatabase',
            array('db_username' => 'myuser', 'db_password' => 'mypassword')
        ))
    ;
    

Next, tell Symfony to use your service as the session handler:

  • YAML
    1
    2
    3
    4
    5
    # config/packages/doctrine.yaml
    framework:
        session:
            # ...
            handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
    
  • XML
    1
    2
    3
    4
    5
    <!-- config/packages/doctrine.xml -->
    <framework:config>
        <!-- ... -->
        <framework:session handler-id="Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler" cookie-lifetime="3600" auto-start="true"/>
    </framework:config>
    
  • PHP
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    // config/packages/doctrine.php
    use Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler;
    
    // ...
    $container->loadFromExtension('framework', array(
        // ...
        'session' => array(
            // ...
            'handler_id' => PdoSessionHandler::class,
        ),
    ));
    

Configuring the Table and Column Names

This will expect a sessions table with a number of different columns. The table name, and all of the column names, can be configured by passing a second array argument to PdoSessionHandler:

  • YAML
    1
    2
    3
    4
    5
    6
    7
    8
    # config/services.yaml
    services:
        # ...
    
        Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
            arguments:
                - 'mysql:dbname=mydatabase'
                - { db_table: sessions, db_username: myuser, db_password: mypassword }
    
  • XML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    <!-- config/services.xml -->
    <?xml version="1.0" encoding="UTF-8" ?>
    <container xmlns="http://symfony.com/schema/dic/services"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://symfony.com/schema/dic/services
            http://symfony.com/schema/dic/services/services-1.0.xsd">
    
        <services>
            <service id="Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler" public="false">
                <argument>mysql:dbname=mydatabase</argument>
                <argument type="collection">
                    <argument key="db_table">sessions</argument>
                    <argument key="db_username">myuser</argument>
                    <argument key="db_password">mypassword</argument>
                </argument>
            </service>
        </services>
    </container>
    
  • PHP
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    // config/services.php
    
    use Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler;
    // ...
    
    $container->autowire(PdoSessionHandler::class)
        ->setArguments(array(
            'mysql:dbname=mydatabase',
            array('db_table' => 'sessions', 'db_username' => 'myuser', 'db_password' => 'mypassword')
        ))
    ;
    

These are parameters that you must configure:

db_table (default sessions):
The name of the session table in your database;
db_id_col (default sess_id):
The name of the id column in your session table (VARCHAR(128));
db_data_col (default sess_data):
The name of the value column in your session table (BLOB);
db_time_col (default sess_time):
The name of the time column in your session table (INTEGER);
db_lifetime_col (default sess_lifetime):
The name of the lifetime column in your session table (INTEGER).

Preparing the Database to Store Sessions

Before storing sessions in the database, you must create the table that stores the information. The following sections contain some examples of the SQL statements you may use for your specific database engine.

A great way to run this on production is to generate an empty migration, and then add this SQL inside:

1
$ php bin/console doctrine:migrations:generate

Find the correct SQL below and put it inside that file. Then execute it with:

1
$ php bin/console doctrine:migrations:migrate

MySQL

1
2
3
4
5
6
CREATE TABLE `sessions` (
    `sess_id` VARCHAR(128) NOT NULL PRIMARY KEY,
    `sess_data` BLOB NOT NULL,
    `sess_time` INTEGER UNSIGNED NOT NULL,
    `sess_lifetime` MEDIUMINT NOT NULL
) COLLATE utf8_bin, ENGINE = InnoDB;

Note

A BLOB column type can only store up to 64 kb. If the data stored in a user's session exceeds this, an exception may be thrown or their session will be silently reset. Consider using a MEDIUMBLOB if you need more space.

PostgreSQL

1
2
3
4
5
6
CREATE TABLE sessions (
    sess_id VARCHAR(128) NOT NULL PRIMARY KEY,
    sess_data BYTEA NOT NULL,
    sess_time INTEGER NOT NULL,
    sess_lifetime INTEGER NOT NULL
);

Microsoft SQL Server

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
CREATE TABLE [dbo].[sessions](
    [sess_id] [nvarchar](255) NOT NULL,
    [sess_data] [ntext] NOT NULL,
    [sess_time] [int] NOT NULL,
    [sess_lifetime] [int] NOT NULL,
    PRIMARY KEY CLUSTERED(
        [sess_id] ASC
    ) WITH (
        PAD_INDEX  = OFF,
        STATISTICS_NORECOMPUTE  = OFF,
        IGNORE_DUP_KEY = OFF,
        ALLOW_ROW_LOCKS  = ON,
        ALLOW_PAGE_LOCKS  = ON
    ) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

Caution

If the session data doesn't fit in the data column, it might get truncated by the database engine. To make matters worse, when the session data gets corrupted, PHP ignores the data without giving a warning.

If the application stores large amounts of session data, this problem can be solved by increasing the column size (use BLOB or even MEDIUMBLOB). When using MySQL as the database engine, you can also enable the strict SQL mode to be notified when such an error happens.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.