Override php.ini settings for max performance/portability
Posted: Thu Mar 04, 2010 7:07 am
Hi everyone
Just wondering what the best way to manage session settings is on a shared hosting platform.
I say shared hosting but we actually have a cPanel VPS but run multiple websites/accounts on this so effectively it is shared but we're the only people with access.
I already have the server's php.ini set to the following:
Bit I'd like to have more secure session settings for only one site on the server:
So that users on this site can remain logged in and the garbage won't be collected by users of other sites on the server. The sessions for this site will be in a completely separate location.
As I see it there's 3 different methods to override php.ini settings:
1) Specify through .htaccess using php_value to apply the settings to a whole site
2) Using ini_set in each script to apply each of the settings
3) Using the specific PHP functions... session_save_path() and session_set_cookie_params()
I'm favouring option #2 because it could be more portable, unless ini_set has been disabled by the administrator. As I can just set these in my site's config file and it's done.
Option #1 might not be available on a particular server... I think it's more likely that ini_set is enabled than the .htaccess method.
Is there any performance difference with any of these options?
Is there a significant performance penalty when overriding php.ini settings?
Cheers, B
Just wondering what the best way to manage session settings is on a shared hosting platform.
I say shared hosting but we actually have a cPanel VPS but run multiple websites/accounts on this so effectively it is shared but we're the only people with access.
I already have the server's php.ini set to the following:
Code: Select all
session.entropy_file = /dev/urandom
session.entropy_length = 128
session.hash_function = 1Code: Select all
session.save_path = /home/user/tmp_website.com_sessions
session.gc_maxlifetime = 604800
session.cookie_secure = onAs I see it there's 3 different methods to override php.ini settings:
1) Specify through .htaccess using php_value to apply the settings to a whole site
2) Using ini_set in each script to apply each of the settings
3) Using the specific PHP functions... session_save_path() and session_set_cookie_params()
I'm favouring option #2 because it could be more portable, unless ini_set has been disabled by the administrator. As I can just set these in my site's config file and it's done.
Option #1 might not be available on a particular server... I think it's more likely that ini_set is enabled than the .htaccess method.
Is there any performance difference with any of these options?
Is there a significant performance penalty when overriding php.ini settings?
Cheers, B