On Oct 2, 2011, at 22:34 , Eric Pickup wrote: > Hi, This is my first post. I'm currently taking Symfony2 classes in > Montreal with your company and the teacher suggested I post this. > > I'm currently rewriting Youporn.com (obviously not safe for work) in > Symfony2. This is a very high traffic site. On really high traffic > sites sessions are not practical. They make pages uncacheable and add > a lot of overhead to page generation. We have a strict rule, no > sessions. > > However some Symfony tools need them even when they aren't strictly > needed. For example the translation code uses sessions to store the > user's locale. Parsing the headers can't be slower than a network hit > for memcached. > > The forms coding also uses them by default to prevent mischief which > is smart but but simple encrypted cookie would work just as well. We > still couldn't cache the page but it would avoid a hit on memcached, > redis, or whatever backend we are using. > > I've found work-arounds for both these issues but I figured I would > throw it out to you guys that depending on sessions when not strictly > needed reduces scalability.
well it would be great if you could roll your work around into a Bundle and publish it. there is a Bundle that supports signed cookies: https://github.com/nelmio/NelmioSecurityBundle regards. Lukas Kahwe Smith [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
