immwi
October 24, 2018, 7:33am
1
Hi
When in system check a NFS filesystem is detected, please check additionally if db sessions are already enabled. In this case the warning message could be left out.
Thanks a lot for your consideration!
Lukas
(Lukas Winkler)
October 24, 2018, 8:44am
2
HI,
Soon all session data will be stored in the database by default, so this should solve itself soon:
opened 12:26AM - 12 Oct 17 UTC
closed 05:49AM - 04 Dec 18 UTC
Major
c: Security
In order to simplify life (for example when we refactor/improve security in our … sesions in #12164), I'd like to propose that we remove the File Sessions Handler in Piwik, and default everyone to use the Database session handler.
* there is no advantage or reason to support the file sessions handler AFAIK.
* Instead the database session handler works well in all cases, especially in the case where multiple piwik frontends are used and sessions must be shared (load balanced Piwik), or when NFS is used to store Piwik files (in which case file sessions are very slow)
* We also support the Redis session handler, [see redis session faq](https://piwik.org/faq/how-to/faq_20521/)
Notes:
* we could then delete this database session FAQ: https://piwik.org/faq/how-to-install/faq_133/
* and update the [load balancer FAQ](https://piwik.org/faq/new-to-piwik/faq_134/) to remove the instructions about DB sessions
* Update the redis session FAQ https://piwik.org/faq/how-to/faq_20521/ and remove `By default Piwik uses the filesystem as a session handler. `
If not (maybe try out one of the beta versions once the feature came out), please reach out.