Page 1 of 1

Override php.ini settings for max performance/portability

Posted: Thu Mar 04, 2010 7:07 am
by batfastad
Hi everyone

Just wondering what the best way to manage session settings is on a shared hosting platform.
I say shared hosting but we actually have a cPanel VPS but run multiple websites/accounts on this so effectively it is shared but we're the only people with access.

I already have the server's php.ini set to the following:

Code: Select all

session.entropy_file = /dev/urandom
session.entropy_length = 128
session.hash_function = 1
Bit I'd like to have more secure session settings for only one site on the server:

Code: Select all

session.save_path = /home/user/tmp_website.com_sessions
session.gc_maxlifetime = 604800
session.cookie_secure = on
So that users on this site can remain logged in and the garbage won't be collected by users of other sites on the server. The sessions for this site will be in a completely separate location.

As I see it there's 3 different methods to override php.ini settings:
1) Specify through .htaccess using php_value to apply the settings to a whole site
2) Using ini_set in each script to apply each of the settings
3) Using the specific PHP functions... session_save_path() and session_set_cookie_params()

I'm favouring option #2 because it could be more portable, unless ini_set has been disabled by the administrator. As I can just set these in my site's config file and it's done.
Option #1 might not be available on a particular server... I think it's more likely that ini_set is enabled than the .htaccess method.

Is there any performance difference with any of these options?
Is there a significant performance penalty when overriding php.ini settings?

Cheers, B

Re: Override php.ini settings for max performance/portability

Posted: Thu Mar 04, 2010 11:25 am
by Weirdan
batfastad wrote:Is there any performance difference with any of these options?
Not using option #1 allows one to turn off .htaccess processing. Useful to reduce the number of filesystem accesses the webserver has to perform to satisfy a request.