How to Use PdoSessionHandler to Store Sessions in the Database
Warning: You are browsing the documentation for Symfony 3.x, which is no longer maintained.
Read the updated version of this page for Symfony 7.2 (the current stable version).
The default Symfony session storage writes the session information to files. Most medium to large websites use a database to store the session values instead of files, because databases are easier to use and scale in a multiple web server environment.
Symfony has a built-in solution for database session storage called PdoSessionHandler. To use it, first register a new handler service:
1 2 3 4 5 6 7 8 9
# app/config/config.yml
services:
# ...
Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
public: false
arguments:
- 'mysql:dbname=mydatabase; host=myhost; port=myport'
- { db_username: myuser, db_password: mypassword }
Tip
Configure the database credentials as parameters defined with environment variables to make your application more secure.
Next, tell Symfony to use your service as the session handler:
1 2 3 4 5
# app/config/config.yml
framework:
session:
# ...
handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
Configuring the Table and Column Names
This will expect a sessions
table with a number of different columns.
The table name, and all of the column names, can be configured by passing
a second array argument to PdoSessionHandler
:
1 2 3 4 5 6 7 8 9
# app/config/config.yml
services:
# ...
Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
public: false
arguments:
- 'mysql:dbname=mydatabase; host=myhost; port=myport'
- { db_table: 'sessions', db_username: 'myuser', db_password: 'mypassword' }
These are parameters that you can configure:
db_table
(defaultsessions
):- The name of the session table in your database;
db_id_col
(defaultsess_id
):- The name of the id column in your session table (VARCHAR(128));
db_data_col
(defaultsess_data
):- The name of the value column in your session table (BLOB);
db_time_col
(defaultsess_time
):- The name of the time column in your session table (INTEGER);
db_lifetime_col
(defaultsess_lifetime
):- The name of the lifetime column in your session table (INTEGER).
Sharing your Database Connection Information
With the given configuration, the database connection settings are defined for the session storage connection only. This is OK when you use a separate database for the session data.
But if you'd like to store the session data in the same database as the rest
of your project's data, you can use the connection settings from the
parameters.yml
file by referencing the database-related parameters defined there:
1 2 3 4 5 6 7 8
services:
# ...
Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
public: false
arguments:
- 'mysql:host=%database_host%;port=%database_port%;dbname=%database_name%'
- { db_username: '%database_user%', db_password: '%database_password%' }
Preparing the Database to Store Sessions
Before storing sessions in the database, you must create the table that stores the information. The session handler provides a method called createTable() to set up this table for you according to the database engine used:
1 2 3 4 5
try {
$sessionHandlerService->createTable();
} catch (\PDOException $exception) {
// the table could not be created for some reason
}
If you prefer to set up the table yourself, these are some examples of the SQL statements you may use according to your specific database engine.
MySQL
1 2 3 4 5 6
CREATE TABLE `sessions` (
`sess_id` VARCHAR(128) NOT NULL PRIMARY KEY,
`sess_data` BLOB NOT NULL,
`sess_time` INTEGER UNSIGNED NOT NULL,
`sess_lifetime` INTEGER UNSIGNED NOT NULL
) COLLATE utf8mb4_bin, ENGINE = InnoDB;
Note
A BLOB
column type can only store up to 64 kb. If the data stored in
a user's session exceeds this, an exception may be thrown or their session
will be silently reset. Consider using a MEDIUMBLOB
if you need more
space.
PostgreSQL
1 2 3 4 5 6
CREATE TABLE sessions (
sess_id VARCHAR(128) NOT NULL PRIMARY KEY,
sess_data BYTEA NOT NULL,
sess_time INTEGER NOT NULL,
sess_lifetime INTEGER NOT NULL
);
Microsoft SQL Server
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
CREATE TABLE [dbo].[sessions](
[sess_id] [nvarchar](255) NOT NULL,
[sess_data] [ntext] NOT NULL,
[sess_time] [int] NOT NULL,
[sess_lifetime] [int] NOT NULL,
PRIMARY KEY CLUSTERED(
[sess_id] ASC
) WITH (
PAD_INDEX = OFF,
STATISTICS_NORECOMPUTE = OFF,
IGNORE_DUP_KEY = OFF,
ALLOW_ROW_LOCKS = ON,
ALLOW_PAGE_LOCKS = ON
) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
Caution
If the session data doesn't fit in the data column, it might get truncated by the database engine. To make matters worse, when the session data gets corrupted, PHP ignores the data without giving a warning.
If the application stores large amounts of session data, this problem can
be solved by increasing the column size (use BLOB
or even MEDIUMBLOB
).
When using MySQL as the database engine, you can also enable the strict SQL mode
to be notified when such an error happens.