Adding a custom session handler with Cloud Datastore.

[tmatsuo]

It's great if you give early feedback!

[tmatsuo]

Added a constructor :)

I will also add test. Maybe I can add unit test with mocking. Do you want to have a system test as well?

[tmatsuo]

Added the unit test.

[tmatsuo]

Maybe we should not ignore the $savePath and the $sessionName.

How about to use $savePath for the Datastore namespace and $sessionName for the Datastore kind?

[tmatsuo]

I started to use $sessionName for the kind.

However, utilizing $savePath while allowing the constructor injection of the DatastoreClient is tricky because there's no way changing the namespace afterwards. Do you have any recommendations?

[dwsupplee]

Looking really nice @tmatsuo, thank you for this.

While it is not documented , it is possible to pass a namespaceId through when constructing a key. ( @jdpedrie do you think it would be worthwhile to add documentation for that?)

$key = $datastore->key('key', 1234, [
    'namespaceId' => 'Namespace'
]);

The idea of using the $savePath to set that namespace sounds pretty slick to me.

A few comments:

Have you considered a form of locking at all?

I'm a little concerned about the garbage collection. According to the docs gc is called randomly. That could lead to some unexpected charges for users if they aren't familiar with the way this is configured to work. Do you think it would make sense to document that, or provide an alternative way for users to perform the garbage collection on their own terms?

[tmatsuo]

The idea of using the $savePath to set that namespace sounds pretty slick to me.

A few comments:

Have you considered a form of locking at all?

Good point. Maybe we can use the Datastore transaction? But it is a bit difficult with the current interface design. I think there are the same issues with any other session implementations.

I'm a little concerned about the garbage collection. According to the docs gc is called randomly. That could lead to some unexpected charges for users if they aren't familiar with the way this is configured to work. Do you think it would make sense to document that, or provide an alternative way for users to perform the garbage collection on their own terms?

Good point. Just for reducing the deletion cost (I think it's cheaper leaving entities than deleting them), maybe we can stop querying when gcLimit == 0 and document that. How does it sound?

Also, when I deployed a sample app with this handler, App Engine health check is constantly creating a new session entities in the datastore. We should also recommend that users use this handler only for needed handlers.

[tmatsuo]

While it is not documented , it is possible to pass a namespaceId through when constructing a key.

Also, is it same for query (which is needed in gc)?

[jdpedrie]

@tmatsuo yep, I added the ability to set a namespaceId on Datastore::runQuery() and Transaction::runQuery() in #214. It's not in a release yet, but you should have no trouble against dev-master.

[jdpedrie]

@dwsupplee I left it out of the documentation purposely because the right way to do it really is in the config. Most applications would want to use the same namespace across an entire project. If you think we should document it with a caveat I'm cool with that too.

[tmatsuo]

@jdpedrie Ah OK, great, I'll try to use that.

BTW, another viable solution for the session in cloud is to use Google Cloud Storage with gcs stream wrapper. I will also try to implement the stream wrapper.

Thanks,

[dwsupplee]

But it is a bit difficult with the current interface design. I think there are the same issues with any other session implementations.

Actually, I believe the default session handler locks.

Just for reducing the deletion cost (I think it's cheaper leaving entities than deleting them), maybe we can stop querying when gcLimit == 0 and document that. How does it sound?

That sounds like a solid idea. I wonder if it would be best to default the limit to 0 so that a user has to explicitly ask for the query/deletion to occur. What do you think?

[tmatsuo]

Actually, I believe the default session handler locks.

I see. There's no exclusive lock in datastore. Maybe we can create a transaction on open and commit in write?

That sounds like a solid idea. I wonder if it would be best to default the limit to 0 so that a user has to explicitly ask for the query/deletion to occur. What do you think?

Yeah I will do that.

[tmatsuo]

Now it uses the session.save_path for the namespaceId, and also uses transaction for data consistency. I still have a little concern on what happens when collision happens. Presumably it fails on write so a PHP_NOTICE error will be triggered, and usually you can see them in your logs.

Does it sound reasonable?

[dwsupplee]

Hmm, I don't think we would just want the write to fail if we run into concurrency issues. I will do a little more research after having pulled down and played with the code a little bit.

[jdpedrie]

A session handler that requires more than register, call session_start() is more than we should ask of users. It should be a drop in replacement for the default handler. Of course error handling is always a good thing, but expecting people to implement it on a part of their code that's expected to "just work" is another matter.

Yes, because write can also fail with other reasons. Only way to make sure whether the write succeeds is to have the error handler (or try-catch if we change it to throw exceptions).

Everything can fail, and obviously people should handle issues that can arise. That said, errors in the session handler are exceedingly rare. I can't recall ever running into one in the default implementation.

I'd rather not accept an implementation which we know can fail in certain (not uncommon) circumstances. Documenting how to work around those errors doesn't strike me as a compromise that is in the best interests of our users.

I think a Datastore session handler is a great idea, but as always the devil is in the details. As a user of the library, I would be worried about a session handler which was expected to fail in certain cases and which could very well cause problems for my users.

[tmatsuo]

@dwsupplee
Fair point, but as long as we use Datastore as the session store, it is still fair to say keep the write operation as few as possible in terms of reducing the cost :) Which also helps to avoid contention.

@jdpedrie
The default file implementation can fail too. Any other network based session implementations will fail more often of course due to network errors. Ignoring those errors is OK for some use cases, but I still think handling errors for session's write is a good practice with the current design of PHP session, especially if you don't want to lose the data.

But yeah, If you are not comfortable with this handler, I will just put it somewhere else :)

[tmatsuo]

In other words, all the peculiarity you feel from this handler, comes from the characteristic of the Datastore API itself. It provides the data consistency feature via it's transaction. It is optimistic lock which is not very well suited with the current PHP session's interface.

The reason why this handler can not be a complete drop-in replacement for every use-case (like heavily complex data in session for complex ajax application) is, well, in the most part, it's due to the limit of the current PHP session interface and the default behavior.

However, it's perfectly fine if you use this library just for sign-in and sign-out, even without setting the error handler, because awesome google-cloud-php will retry upon failure, so actually failures other than conflict are really rare.

Also it's perfectly fine if you use this library with the error handler installed, if you have complex session data, and you don't want to lose them.

I can't recall ever running into one in the default implementation.

Hmm, I think you're lucky! Even filesystem based simple session handler can fail. In my opinion, if you don't want to lose any session data, only reliable way is to handle errors like I do in the sample, it applies to any other session implementations.

[dwsupplee]

The reason why this handler can not be a complete drop-in replacement for every use-case (like heavily complex data in session for complex ajax application) is, well, in the most part, it's due to the limit of the current PHP session interface and the default behavior.

However, it's perfectly fine if you use this library just for sign-in and sign-out, even without setting the error handler, because awesome google-cloud-php will retry upon failure, so actually failures other than conflict are really rare.

I think this right here is what I'm looking for in the docs :). My only real concern at this point is someone thinking they can use it as a drop in replacement and being surprised by issues. If we make it clear what the best use cases are then I feel a lot better about putting it into people's hands.

[tmatsuo]

@dwsupplee
Good call. I will try to come up with a good documentation.

[tmatsuo]

It is my first attempt for the docblock update! PTAL @dwsupplee @jdpedrie

[dwsupplee]

The added documentation looks really helpful. Thanks for adding it!

[tmatsuo]

@jdpedrie Thanks for the review, all done.

[jdpedrie]

code looks good to me, but there are some docs issues still to be addressed. :)

Thanks for working through these issues with us, @tmatsuo.

[jdpedrie]

You can test whether the parser fails by running this command:

$ composer google-cloud docs

[tmatsuo]

@jdpedrie Alright, now it seems like it compiles, PTAL

[tmatsuo]

@jdpedrie @bshaffer PTAL

[jdpedrie]

Looks good! Thanks @tmatsuo