The PHP session logic has two distinct SessionHandlerInterface and SessionUpdateTimestampHandlerInterface interfaces while the SessionUpdateTimestampHandlerInterface interface is still not fully described in the docs.
The SessionHandlerInterface::write and SessionUpdateTimestampHandlerInterface::updateTimestamp functions feels quite similar. Both have the same arguments (session id and session data) and return a bool.
What is the difference between these two functions?
How should differ the code implementing these two functions?
How is the code supposed to update a timestamp if there is no timestamp provided to the updateTimestamp function?
Edit: I have created a PHP bug regarding the missing docs.
Advertisement
Answer
These two methods are quite similar but are called in different situations.
1)
SessionHandler without SessionUpdateTimestampHandlerInterface:
A logged in user requests a page and its session with all data gets loaded. During the request the dataset is not modified and once the session closes all data will be written into the storage again (calls SessionHandlerInterface::write). So you will write the same data over and over again.
SessionHandler with SessionUpdateTimestampHandlerInterface:
Same scenario but now if the dataset is not modified it will call SessionUpdateTimestampHandlerInterface::updateTimestamp. The advantage is now you know you don’t need to write the dataset again and you just can update the lifetime of the existing dataset. This can be a huge performance improvement.
2)
Thats depending on where you are storing the sessions/data. SessionHandlerInterface::write should really write the data and SessionUpdateTimestampHandlerInterface::updateTimestamp if possible should just update the lifetime of an existing item. Symfony has some good examples.
3)
The timestamp should be the same as the max lifetime to “reset” it on every request as normal write would do.
The documation as mentioned is not good at the moment. Some good information can be found in this RFC.