By Loïc d'Anterroches, xhtml.net, 18th of February, 2011
How are the sessions managed within Photon.
A client session in a disconnected protocol like HTTP is always a bit messy to manage. That is, you never know when the client is not anymore "here" because the client is never really connected. Usually a session stops after a timeout. The timeout can be few minutes or several years, it usually depends on the life the cookie tracking the session. The problem is that sometimes, you do not want to use cookies to track user sessions, for example, you use directly the HTTP authentification mechanism or matching based on the ip address and some unique information about the client (User agent, screen resolution, etc. this method is known as finger printing).
So, to have good session management, one need a flexible way to know in which session the current client request is.
The flow is basically, the following:
If at step 3, no session data are found, the server can create a new empty session or consider no session at all.
The role of a session is to store a minimal amount of transient information related to the client. The purpose is not to store long term data, for example, the session information could be fully stored in cookies or in volatile memory. The only effect of loosing session data should not be worse than logging out the user if logged in, losing possible A/B testing information or other related minor stuff.
Photon has two storages for the session data by default with both of them using a cookie to store the session id once defined.
All the data are stored in signed cookies. The system is smart enough to limit the data transfer and avoid sending too many cookies.
The data is stored in an in process storage, this means that you can have only one Photon process running for the session system to work at the moment as the data are not synchronized between the processes. This could be added in the future, but it is most likely better to just put the data in MongoDB or Memcached if you really need something like that.