I upgraded to last version recently. Seeing this in logging. Using magento github lts 1937

Redis::expire() expects parameter 2 to be integer, string given in /app/code/local/Credis/Client.php on line 1132

I have a multi-vps Magento setup which is currently sharing a dedicated redis data store across 6 workers - each dedicated solely to processing php.

After recently being asked to install New Relic to investigate performance problems, it is reporting that one of the main culprits is the redis session stuff, with an example trace showing 48% in Credis_Client::__call, and 40% in Cm_RedisSession_Model_Session::read. The big worry was that the complete /catalog/category/view 'transaction' took just under 80s to complete!

Now it looks like the newrelic.so PHP plugin is based on xdebug, which is known to mess with performance anyway, so I am taking this with a pinch of salt.

When I run perf tests via the cli from the same server, all runs fine. The redis server is not overloaded, although network traffic may be in excess of 40Mbit/s. I have updated to the latest RedisSession plugin. I have updated redis to 2.6.14, and it is now not saving session details to disk. I have updated phpredis to current

My current config is...

    <session_save><![CDATA[db]]></session_save>
    <redis_session>                      
        <host>192.168.132.86</host>
        <port>6379</port>
        <timeout>5.0</timeout>            
        <persistent></persistent>        
        <db>0</db>
        <compression_threshold>0</compression_threshold>  
        <compression_lib>gzip</compression_lib>              
        <log_broken_locks>0</log_broken_locks>              
        <max_concurrency>8</max_concurrency>
        <break_after_frontend>5</break_after_frontend>     
        <break_after_adminhtml>30</break_after_adminhtml>
        <bot_lifetime>7200</bot_lifetime>                   
    </redis_session>

I upped the break_after_frontend to 5s to see if that would help - maybe there was a timeout at 2.5 and the delay was caused by updating sessions to the database?? -and have tried both persistent and non-persistent connections.

monitoring of the redis process and underlying servers themselves shows no problems - responding to change in loads, and nowhere near cpu/mem capacity.

If you have any ideas, please let me know!

Cheers,

Steve

EDIT: I currently seem to have c. 50,000 sessions stored in redis, but only have an access rate of c. 4/s. Is there a simple way I can be more agressive in clearing theold session details out?

We are having repeated problems with the admin backend in Magento, but not any frequent problems on the front end. The front end is handled on two separate nodes, and a third runs the backend, all sharing common Redis caches (separate instances for Sessions, Magento Cache, and Full Page Cache). The Redis instances are on a 4th server.

a:5:{i:0;s:71:"read error on connection";i:1;s:2311:"#0 /var/www/vhosts/www.example.com/.modman/Cm_RedisSession/code/Model/Session.php(380): Credis_Client->__call('exec', Array)
#1 /var/www/vhosts/www.example.com/.modman/Cm_RedisSession/code/Model/Session.php(380): Credis_Client->exec()
#2 [internal function]: Cm_RedisSession_Model_Session->read('cm0uenj0pdj4im6...')
#3 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php(125): session_start()
#4 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php(168): Mage_Core_Model_Session_Abstract_Varien->start('adminhtml')
#5 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/Session/Abstract.php(84): Mage_Core_Model_Session_Abstract_Varien->init('core', 'adminhtml')
#6 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/Session.php(42): Mage_Core_Model_Session_Abstract->init('core', 'adminhtml')
#7 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/Config.php(1348): Mage_Core_Model_Session->__construct(Array)
#8 /var/www/vhosts/www.example.com/app/Mage.php(463): Mage_Core_Model_Config->getModelInstance('core/session', Array)
#9 /var/www/vhosts/www.example.com/app/Mage.php(477): Mage::getModel('core/session', Array)
#10 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Controller/Varien/Action.php(493): Mage::getSingleton('core/session', Array)
#11 /var/www/vhosts/www.example.com/app/code/core/Mage/Adminhtml/Controller/Action.php(160): Mage_Core_Controller_Varien_Action->preDispatch()
#12 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Controller/Varien/Action.php(407): Mage_Adminhtml_Controller_Action->preDispatch()
#13 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Controller/Varien/Router/Standard.php(250): Mage_Core_Controller_Varien_Action->dispatch('start')
#14 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Controller/Varien/Front.php(172): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#15 /var/www/vhosts/www.example.com/app/code/core/Mage/Core/Model/App.php(354): Mage_Core_Controller_Varien_Front->dispatch()
#16 /var/www/vhosts/www.example.com/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#17 /var/www/vhosts/www.example.com/index.php(98): Mage::run('', 'store')
#18 {main}";s:3:"url";s:99:"/index.php/admin/sales_order_create/start/customer_id/3115/key/99f5680349b18f208dc386bcceaec7a6/";s:11:"script_name";s:10:"/index.php";s:4:"skin";s:5:"admin";}

There isn't a large number of admin requests occurring (typically only one or two people using it) and the other nodes appear to communicate to Redis just fine. They're all Rackspace cloud performance 8GB servers in the same DC.

Since this only happens in the backend, I'm not sure if it's just a backend triggered issue, or if it's the server, but I've tried monitoring connectivity to redis from that server and it never fails (and the cache / full page cache never error, just sessions).

Any suggestions on what to look for / instrument to investigate this? I tried adding a call to a shell command to get the number of active / time_wait / etc Redis connections when the error occurs, but there's never more than a couple in total on that server, so I'm pretty sure its not any kind of socket/descriptor starvation.

edit: replaced stacktrace with correct one

This is on my Mac, PHP 7.0.0 final and PHP 7.0 branch of redis.

2015-12-04T10:18:52+00:00 ERR (admin): /index.php/admin REQUEST: POST|{"form_key":"JmaxqtYwA8DMMSVm","login":{"username":"ccarnell","password":"*****"},"dummy":""} TIME: 0.144938s ADDRESS: 127.0.0.1 USER AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0 FILE: mysite/app/code/core/Mage/Core/functions.php:247 Recoverable Error: session_regenerate_id(): Failed to create(read) session ID: user (path: ) in /Users/ccarnell/Sites/mysite/app/code/local/Mage/Core/Model/Session/Abstract/Varien.php on line 493

Hi guys

Occasionally some customers are losing the session. But my local test works great and many customers can buy without problems.

So I don't know how to investigate the problem. Any tip? Anyone with same problem?

p.s. Some time ago I've installed that Plumrocket AMP extension and it was great for performance and SEO. My tests with the extension are Ok too. Could it be related with?

Since I am struggling with delayed AJAX requests due to session locking, I am wondering if it would make sense to implement an option (set through a special parameter using define() maybe?) that would change the session to read-only mode (this would mean disable locking on read and do nothing on write). This way, in cases when we are sure that the session data will not be changed by the current request, there would be a considerable response speed increase.

I think it would be a nice feature; I can make a PR if you think it's worth implementing.

When I try to use the class:

<?php

include_once 'vendor/autoload.php';

//$c = new \Cm\RedisSession\Model\Session();
$c = new Cm_RedisSession_Model_Session();

In both cases I'm getting either

PHP Fatal error:  Uncaught Error: Class 'Cm\RedisSession\Model\Session' not found in /magento/1.php:5
Stack trace:
#0 {main}
  thrown in /magento/1.php on line 5

or

PHP Fatal error:  Uncaught Error: Class 'Cm_RedisSession_Model_Session' not found in /magento/1.php:6
Stack trace:
#0 {main}
  thrown in /magento/1.php on line 6

Composer version 2.2.17, PHP 7.1

Hello,

I'm using Magento 1.9.x with Nginx/PHP-FPM 7.0, if i enable suhosin module (more specifically "suhosin.session.encrypt" option) my backend session lost randomically, if i press f5 multiple times the session down and i need login again.

There are some incompatibility with module and suhosin?

Thank you!

I try to install the Cm_RedisSession Modul manually but I got the following error:

mod_fcgid: stderr: PHP Fatal error:  
Class Cm_RedisSession_Model_Session_Config contains 4 abstract methods and must therefore be declared abstract or implement the remaining methods 
(Cm\\RedisSession\\Handler\\ConfigInterface::getSentinelServers, Cm\\RedisSession\\Handler\\ConfigInterface::getSentinelMaster, Cm\\RedisSession\\Handler\\ConfigInterface::getSentinelVerifyMaster, ...) 
in /var/www/share/shop/htdocs/app/code/local/Cm/RedisSession/Model/Session/Config.php on line 197

My Folder Structure:

app/code/local --Cm/RedisSession ----Cm_RedisSession Files ----lib/src/Cm/RedisSession ------php-redis-session-abstract FIles --Credis ----credis Files

I’m hoping this can be a collaborative effort between @colinmollenhour, @jonpday, @aedmonds and myself (Cc: @kyleterry for visibility). Could we use this pull request to review the proposed change and make improvements?

Changes

• Refactored log_broken_locks into a log_level with standard levels (RFC-3164); deprecated log_broken_locks
• Adjusted log messages for clarity and changed level of existing log messages based on my understanding of severity
• Added debug loggers to aid developers in understanding the internals
• Added timing and compression instrumentation (at debug level) to aid developers

Testing

• I haven’t yet tested any of this, and I’m aware that’s in bad form (firing up a VM now…)

When this module is installed via Composer with the magento-hackathon/magento-composer-installer, the following error occurs:

PHP Fatal error:  require_once(): Failed opening required '/var/www/myproject/branches/master/vendor/colinmollenhour/magento-redis-session/code/Model/../lib/src/Cm/RedisSession/Handler/ConfigInterface.php' (include_path='/var/www/myproject/branches/master/vendor/magento/zendframework1/library:/var/www/myproject/branches/master/app/code/local:/var/www/myproject/branches/master/app/code/community:/var/www/myproject/branches/master/app/code/core:/var/www/myproject/branches/master/lib:.:/usr/share/pear:/usr/share/php') in /var/www/myproject/branches/master/vendor/colinmollenhour/magento-redis-session/code/Model/Session.php on line 32

I am using this as a temporary fix in my composer.json:

    "scripts": {
        "post-install-cmd": [
            "cd vendor/colinmollenhour/magento-redis-session/code/lib && ln -s ../../../php-redis-session-abstract/src"
        ]
    }

There is a missing connection on the lib/src directory needing to be pointed to the php-redis-session-abstract/src directory. Another fix for this I believe would be to not call the require at all in the php and let the autoloader find it.

Hello,

In the past, I had installed the extension Cm_RedisSession on Magento 1.7.0.2. The relevant extension had been installed under the directory /app/code/local/Cm/RedisSession. Afterwards, I upgraded to Magento 1.9.4.5 which has native support for Redis sessions. So, I ended up with having code under both the following directories:

/app/code/local/Cm/RedisSession /app/code/community/Cm/RedisSession

The file /app/etc/modules/Cm_RedisSession.xml seems to be that of Magento 1.9.4.5 which has codePool=community, and not the one of the extension Cm_RedisSession I got from github which had codePool=local. However, after conducting some checks I got the impression that the Cm_RedisSession extension actually used by my Magento installation is the initial one installed under /app/code/local/Cm, and not the native one installed under /app/code/community/Cm.

So, I have 3 questions:

1. How can I make the native one be used by Magento installation?
2. Which of the above extensions System > Configuration > Advanced > Cm_RedisSession=Enable corresponds to?
3. I know that the Cm_RedisSession I got from github does not support Compiler. Can I enable Magento compiler with the native Cm_RedisSession extension of Magento 1.9.4.5?

When attacker gains partial access to server, it is really easy to steal all session ids with simple command:

redis-cli keys sess_*

From my view, it is wrong that the session_id is used as plain text as redis key. I would hash+salt the session_id for creating the redis key. If this would be applied, the attack described above would not be possible, because the only thing that you would get, would be hashes that cannot be used as cookie in browser. It protects the sessions even against on-purpose-privileged people, like server admins.

With the filesystem sessions, you can protect against such attack with setting file owner to root and disallow the webserver user to list the files inside the sessions directory (chmod a-x sessions_dir). Switching to redis session is step down from security view as the session_ids are visible.

Class Cm_RedisSession_Model_Session_Config implements \Cm\RedisSession\Handler\ConfigInterface. However I can't fin the ConfigInterface.php file. In some places it is also required like:

require_once __DIR__.'/../lib/src/Cm/RedisSession/Handler/ConfigInterface.php

Is the file missing, or is the issue on my side?

Similar story is regarding Cm\RedisSession\Handler\LoggerInterface

Running EcomDev_PhpUnit with E_ALL on PHP 7.4 (modified version of OpenMage) and my tests are complaining with this error:

Error: Warning: session_set_save_handler(): Cannot change save handler when headers already sent  in app/code/community/Cm/RedisSession/Model/Session.php on line 51

That's setSaveHandler() being called multiple times. I changed this locally by just putting the call in the constructor. Since it never gets created outside of the getResourceSingleton() calls, this works. Since this repo doesn't have control over those areas, it could instead set a property and check that: private $isSessionSaveHandlerSet = false and then check if it is true/false in the setSaveHandler() method. If it is already set, do nothing.

Hello,

I'm using a Redis instance for Sessions and a separate Redis instance for Cache on Magento 1.9.4.5 with PHP 7.2. Upon every HTTP request, I see the below line at the file error_log:

PHP Warning: Module 'redis' already loaded in Unknown on line 0

I don't know which of the two modules Cm_RedisSession or Cm_Cache_Backend_Redis is responsible for that.

I believe that this warning occurs below ISP has installed Redis module for PHP (see attached screenshot from phpinfo). This line fills up my log file. Is there any way to suppress this warning in the Cm_RedisSession or Cm_Cache_Backend_Redis modules, or the only solution is to remove Redis module from PHP?

I was wondering if it's possible to return back from Redis sessions to MySQL without loosing the current sessions set within Redis. There is are migration scripts to migrate to Redis but not vice versa.