Code to store PHP sessions within memcached.

Vincent van Leeuwen memcached at
Fri Nov 17 11:38:46 UTC 2006

On 2006-11-17 10:06:23 +0200, Reinis Rozitis wrote:
> Hmm why dont you just use the nice feature of php to have your own session 
> handling functions override the default which could be transparent to the 
> rest of the code?

PHP sessions have some security problems, mostly related to session fixation
and such. There have also been a lot of bug- (crashes) and security-fixes
(leaking information) to the session code, even in recent PHP versions, which 
makes me doubt the quality of the code.

If your sessions aren't used for sensitive information you can get away with
using PHP sessions, but otherwise code your own minimal session-implementation
of which you know exactly how it works and which security problems it does or
doesn't have.


Vincent van Leeuwen
Media Design -

More information about the memcached mailing list