PHPackages colinmollenhour/magento-redis-session - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. colinmollenhour/magento-redis-session ActiveMagento-module colinmollenhour/magento-redis-session ===================================== A Redis-based session handler for Magento with optimistic locking. 3.3.0(11mo ago)210225.3k↑188.6%122[7 issues](https://github.com/colinmollenhour/Cm_RedisSession/issues)[1 PRs](https://github.com/colinmollenhour/Cm_RedisSession/pulls)1BSD-3-ClausePHP Since Mar 19Pushed 11mo ago31 watchersCompare [ Source](https://github.com/colinmollenhour/Cm_RedisSession)[ Packagist](https://packagist.org/packages/colinmollenhour/magento-redis-session)[ Docs](https://github.com/colinmollenhour/Cm_RedisSession)[ RSS](/packages/colinmollenhour-magento-redis-session/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (2)Versions (53)Used By (1) Cm\_RedisSession ================ [](#cm_redissession) ### A Redis-based session handler for Magento with optimistic locking. [](#a-redis-based-session-handler-for-magento-with-optimistic-locking) #### Features: [](#features) - Falls back to mysql handler if it can't connect to Redis. Mysql handler falls back to file handler. - When a session's data size exceeds the compression threshold the session data will be compressed. - Compression libraries supported are 'gzip', 'lzf', 'lz4', and 'snappy'. -- Gzip is the slowest but offers the best compression ratios. -- Lzf can be installed easily via PECL. -- Lz4 is supported by HHVM. - Compression can be enabled, disabled, or reconfigured on the fly with no loss of session data. - Expiration is handled by Redis; no garbage collection needed. - Logs when sessions are not written due to not having or losing their lock. - Limits the number of concurrent lock requests before a 503 error is returned. - Detects inactive waiting processes to prevent false-positives in concurrency throttling. - Detects crashed processes to prevent session deadlocks (Linux only). - Gives shorter session lifetimes to bots and crawlers to reduce wasted resources. - Locking can be disabled entirely using config or `define('CM_REDISSESSION_LOCKING_ENABLED', FALSE);` or by setting `$this->setFlag('', Cm_RedisSession_Model_Session::FLAG_READ_ONLY, 1)` flag in controller predispatch. - Requires PHP >= 5.3. Yes, this is a feature. You're welcome. ;) #### Locking Algorithm Properties: [](#locking-algorithm-properties) - Only one process may get a write lock on a session. - A process may lose it's lock if another process breaks it, in which case the session will not be written. - The lock may be broken after `BREAK_AFTER` seconds and the process that gets the lock is indeterminate. - Only `MAX_CONCURRENCY` processes may be waiting for a lock for the same session or else a 503 error is returned. #### Session Cookie Management: [](#session-cookie-management) The Cookie Lifetime is configured here (Magento default): System > Configuration > Web > Session Cookie Management > Cookie Lifetime. You can override the default session lifetime settings of this module by setting the `` and `` handle if you need to adjust your session lifetime settings. Be aware that if the `` setting is below your Cookie Lifetime, the ``-setting will be taken. Installation ------------ [](#installation) This extension can be installed with either Composer or modman. **Important:** The 3.0.0 release is packaged exclusively as a composer module and cannot be installed with modman. If you do not use composer stick with the 2.x release. The Magento Compiler feature is currently not supported. #### Modman Installation [](#modman-installation) 1. Install module using [modman](https://github.com/colinmollenhour/modman): ``` modman clone https://github.com/colinmollenhour/Cm_RedisSession ``` If you want to install a specific version, you can add `-- --branch x.y.z` to the command. 2. Configure via app/etc/local.xml adding a `global/redis_session` section with the appropriate configuration if needed. See the "Configuration Example" below. 3. Refresh the config cache to allow the module to be installed by Magento. 4. Test the configuration by running the migrateSessions.php script in `--test` mode. ``` sudo php .modman/Cm_RedisSession/migrateSessions.php --test ``` 5. Change the `global/session_save` configuration to "db" in app/etc/local.xml. The "db" value is the MySQL handler, but Cm\_RedisSession overrides it to avoid modifying core files. 6. Migrate the old sessions to Redis. See the "Migration" section below for details. The migration script will clear the config cache after migration is complete to activate the config change made in step 5. #### Configuration Example [](#configuration-example) ``` ... db 127.0.0.1 6379 2.5 0 2048 gzip 1 6 5 10 30 600 60 7200 0 60 2592000 0 0 ... ... ``` Migration --------- [](#migration) A script is included to make session migration from files storage to Redis with minimal downtime very easy. Use a shell script like this for step 6 of the "Installation" section. ``` cd /var/www # Magento installation root touch maintenance.flag # Enter maintenance mode sleep 2 # Allow any running processes to complete # This will copy sessions into redis and clear the config cache so local.xml changes will take effect sudo php .modman/Cm_RedisSession/migrateSessions.php -y rm maintenance.flag # All done, exit maintenance mode ``` Depending on your server setup this may require some changes. Old sessions are not deleted so you can run it again if there are problems. The migrateSessions.php script has a `--test` mode which you definitely should use *before*the final migration. Also, the `--test` mode can be used to compare compression performance and ratios. Last but not least, the `--test` mode will tell you roughly how much space your compressed sessions will consume so you know roughly how to configure `maxmemory` if needed. All sessions have an expiration so `volatile-lru` or `allkeys-lru`are both good `maxmemory-policy` settings. Compression ----------- [](#compression) Session data compresses very well so using compression is a great way to increase your capacity without dedicating a ton of RAM to Redis and reducing network utilization. The default `compression threshold` is 2048 bytes so any session data equal to or larger than this size will be compressed with the chosen `compression_lib` which is `gzip` by default. Compression can be disabled by setting the `compression_lib` to `none`. However, both `lzf` and `snappy` offer much faster compression with comparable compression ratios so I definitely recommend using one of these if you have root. lzf is easy to install via pecl: ``` sudo pecl install lzf ``` *NOTE:* If using suhosin with session data encryption enabled (default is `suhosin.session.encrypt=on`), two things: 1. You will probably get very poor compression ratios. 2. Lzf fails to compress the encrypted data in my experience. No idea why... If any compression lib fails to compress the session data an error will be logged in `system.log` and the session will still be saved without compression. If you have `suhosin.session.encrypt=on` I would either recommend disabling it (unless you are on a shared host since Magento does it's own session validation already) or disable compression or at least don't use lzf with encryption enabled. Bot Detection ------------- [](#bot-detection) Bots and crawlers typically do not use cookies which means you may be storing thousands of sessions that serve no purpose. Even worse, an attacker could use your limited session storage against you by flooding your backend, thereby causing your legitimate sessions to get evicted. However, you don't want to misidentify a user as a bot and kill their session unintentionally. This module uses both a regex as well as a counter on the number of writes against the session to determine the session lifetime. Using with [Cm\_Cache\_Backend\_Redis](https://github.com/colinmollenhour/Cm_Cache_Backend_Redis) ------------------------------------------------------------------------------------------------- [](#using-with-cm_cache_backend_redis) Using Cm\_RedisSession alongside Cm\_Cache\_Backend\_Redis should be no problem at all. The main thing to keep in mind is that if both the cache and the sessions are using the same database, flushing the cache backend would also flush the sessions! So, don't use the same 'db' number for both if running only one instance of Redis. However, using a separate Redis instance for each is recommended to make sure that one or the other can't run wild consuming space and cause evictions for the other. For example, configure two instances each with 100M maxmemory rather than one instance with 200M maxmemory. License ------- [](#license) ``` @copyright Copyright (c) 2013 Colin Mollenhour (http://colin.mollenhour.com) This project is licensed under the "New BSD" license (see source). ``` ### Health Score 57 — FairBetter than 98% of packages Maintenance50 Moderate activity, may be stable Popularity55 Moderate usage in the ecosystem Community35 Small or concentrated contributor base Maturity76 Established project with proven stability Bus Factor1 Top contributor holds 78.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~101 days Recently: every ~200 days Total 45 Last Release 354d ago Major Versions 1.15 → 2.02016-11-12 2.4.0 → 3.0.02022-08-03 2.5.0 → 3.2.12025-04-25 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/38738?v=4)[Colin Mollenhour](/maintainers/colinmollenhour)[@colinmollenhour](https://github.com/colinmollenhour) --- Top Contributors [![colinmollenhour](https://avatars.githubusercontent.com/u/38738?v=4)](https://github.com/colinmollenhour "colinmollenhour (154 commits)")[![tmotyl](https://avatars.githubusercontent.com/u/515397?v=4)](https://github.com/tmotyl "tmotyl (5 commits)")[![forfin](https://avatars.githubusercontent.com/u/7200907?v=4)](https://github.com/forfin "forfin (4 commits)")[![avoelkl](https://avatars.githubusercontent.com/u/1798594?v=4)](https://github.com/avoelkl "avoelkl (4 commits)")[![sergeykalenyuk](https://avatars.githubusercontent.com/u/1863773?v=4)](https://github.com/sergeykalenyuk "sergeykalenyuk (2 commits)")[![nemphys](https://avatars.githubusercontent.com/u/739270?v=4)](https://github.com/nemphys "nemphys (2 commits)")[![Vinai](https://avatars.githubusercontent.com/u/72463?v=4)](https://github.com/Vinai "Vinai (2 commits)")[![sprankhub](https://avatars.githubusercontent.com/u/930199?v=4)](https://github.com/sprankhub "sprankhub (2 commits)")[![justinbeaty](https://avatars.githubusercontent.com/u/51970393?v=4)](https://github.com/justinbeaty "justinbeaty (1 commits)")[![kanevbg](https://avatars.githubusercontent.com/u/11477130?v=4)](https://github.com/kanevbg "kanevbg (1 commits)")[![kirkmadera](https://avatars.githubusercontent.com/u/1686495?v=4)](https://github.com/kirkmadera "kirkmadera (1 commits)")[![krzysztof-deligo](https://avatars.githubusercontent.com/u/234443893?v=4)](https://github.com/krzysztof-deligo "krzysztof-deligo (1 commits)")[![mokadev](https://avatars.githubusercontent.com/u/876905?v=4)](https://github.com/mokadev "mokadev (1 commits)")[![mpchadwick](https://avatars.githubusercontent.com/u/4132322?v=4)](https://github.com/mpchadwick "mpchadwick (1 commits)")[![norgeindian](https://avatars.githubusercontent.com/u/11156287?v=4)](https://github.com/norgeindian "norgeindian (1 commits)")[![parhamr](https://avatars.githubusercontent.com/u/177123?v=4)](https://github.com/parhamr "parhamr (1 commits)")[![pbaldauf](https://avatars.githubusercontent.com/u/6916364?v=4)](https://github.com/pbaldauf "pbaldauf (1 commits)")[![Persata](https://avatars.githubusercontent.com/u/1608834?v=4)](https://github.com/Persata "Persata (1 commits)")[![ToonSpinISAAC](https://avatars.githubusercontent.com/u/13380523?v=4)](https://github.com/ToonSpinISAAC "ToonSpinISAAC (1 commits)")[![viable-hartman](https://avatars.githubusercontent.com/u/1300504?v=4)](https://github.com/viable-hartman "viable-hartman (1 commits)") ### Embed Badge ![Health badge](/badges/colinmollenhour-magento-redis-session/health.svg) ``` [![Health](https://phpackages.com/badges/colinmollenhour-magento-redis-session/health.svg)](https://phpackages.com/packages/colinmollenhour-magento-redis-session) ``` ### Alternatives [magento/community-edition Magento 2 (Open Source) 12.1k52.1k10](/packages/magento-community-edition)[wheelpros/fitment-platform-api Magento 2 (Open Source) 12.1k1.2k](/packages/wheelpros-fitment-platform-api)[colinmollenhour/cache-backend-redis Zend\_Cache backend using Redis with full support for tags. 38522.9M13](/packages/colinmollenhour-cache-backend-redis)[colinmollenhour/php-redis-session-abstract A Redis-based session handler with optimistic locking 6325.6M14](/packages/colinmollenhour-php-redis-session-abstract)[resque/php-resque Redis backed library for creating background jobs and processing them later. Based on resque for Ruby. 2371.8M7](/packages/resque-php-resque)[rhubarbgroup/redis-cache A persistent object cache backend for WordPress powered by Redis. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI. 51795.3k1](/packages/rhubarbgroup-redis-cache) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)