Sessions data can be saved in different modes eg; Files, SQL and No SQL databases.
But while benchmarking session it is observed File based session leads to depletion of inodes, SQL databases leads to slower performance due to large number of indexed session ids and no SQL databases leads to performance issues.
Benchmarking session is simulating session behaviour on attacks that may bring down a website or effect website performance.
As a solution to this on can start the session as below in the common file.
if ( isset( $_COOKIE['PHPSESSID'] ) ) {
// Wrong cookie values won't create a new session file/entry.
// Because its a read only.
session_start(
[
'read_and_close' => true,
]
);
}
This will start a read only session.
Once you are done with this and later in script you need to make changes (add/remove) session data. One can start the session in the normal way which we used to do earlier.
session_start();
and do required modifications.
$_SESSION[‘’key] = $value;
OR
unset($_SESSION[‘’some_key]);
