Disabling anonymous sessions?
I'm putting Drupal onto a high traffic site and I'm concerned with the scalability of the anonymous sessions. I asked about disabling the sessions in #drupal on freenode and there was interest in the solution, but no one had done it before, so I'm bringing the question here.
A lot of the modules (both built in and 3rd party like CCK) use $_SESSION, but it looks like that is only for administration forms or functions that a user will have to be logged in to use anyway. includes/session.inc specifically mentions the throttle module and the "Who's Online" block - both of which I won't be using, so I don't see anything that jumps out at me as requiring an anonymous session.
Two ways of avoiding the sessions come to mind at first glance:
Firstly, I think I could tap into DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE which calls the currently-non-existant page_cache_fastpath(). If I create that function, and inside of it I bootstrap Drupal and just skip over DRUPAL_BOOTSTRAP_SESSION for anyone that isn't logged in, I think I might avoid the problems.
Secondly, I could edit bootstrap.inc (I'd rather not edit core code) to do the same thing - check for a cookie or something before calling session_start() on anonymous sessions.
Anyone have experience with this before? Any other ideas?
Thanks.
No solution but confirming the problem
We just ran a test a few minutes ago using one of the higher traffic sites and a Drupal site. We plugged in a iframe from the high traffic site so that it would load the the frontpage of the Drupal site as an anoanymous user. Then we just sat back and watched the mysql processes using HeidiSQL. Not only did the dev server die under the load but one of the major contributors to the crash was the sessions table.
Caching was not an option since we had to turn off table locking for the cache table to get anything to perform under the load. Total time before crashing (with 11,000 users, 15 page loads per second, approximates for low periods) 40 seconds on Drupal 4.7
Hiveminds Magazine - for web publishers and community builders
http://www.hiveminds.co.uk
http://demo.hiveminds.co.uk
Drupal Support Wiki | Drupal Sverige
I filed a bug
I filed a bug about it if you'd like to follow along: http://drupal.org/node/201122
We'll see how it goes.
I got it working properly!
We have a bunch of high traffic websites running Drupal and similar to you we don't need to keep any data in session for anonymous users.
I made some changes in session.inc to basically not start session at all on our production servers and it reduced the number of database queries to half which is a really good.
since each website ( of ours ) is accessible using two different domain names ( one for editing used by people who update the site and post data and the other one used by our anonymous end users) I could disable / enable sessions by checking the hostname (baseurl) and it works properly with no problem.
if you need all the website users ( authenticated users and anonymous users ) access the website using the same url , I am not sure how could you possibly distinguish between http requests coming from two groups of users, as Drupal keeps the userid in session and you have to start session and read the data from session in order to know if user is logged on or he is an anonymous user.
Drupal only keeps sessionid as cookie which is not going to help in this matter.
I'm also interested
Did someone managed to find out a solution for this problem ?