Erlang: Session management and timeout

tags:

erlang

views:

266

answers:

+2 Q:

Erlang: Session management and timeout

I'm writing http session manager (gen_server based). That server creates and removes session from in-memory storage. I need to remove expired session on timeout. I have two solutions:

Create one timer to remove expired sessions from manager
Create timer for each session

First solution locks server while all sessions are not processed (lock issue). Second solution takes process for each session (memory issue).

Question is which solution is right?

Thank you!

+2 A:

A low frequency event should be handle by a low frequency process IMO. You don't want to be "spending" too much resources on something that's not "generating" value.

The "clean-up" activity does not appear to require "locking-up" the server. Maybe you need to expand on this point.

Why do you need to "lock" something in your solution #1? What are your concerns here? Please detail your concerns a bit more so I can provide more suggestions.

jldupont 2009-11-09 13:45:26

You want say the first solution makes sense. Right?

sinnus 2009-11-09 13:53:20

Yes I am saying that the overall strategy of #1 is more inline with the value of the cleaning-up activity. What I don't understand is the "locking the server up".

jldupont 2009-11-09 13:54:59

gen_server has State with sessions what can be created or removed with callback functions. To implement strategy #1 I will create new callback function like: handle_call({remove_expired_session} ...). When timer is calling that function, another calls will wait until remove_expired_session will be completed. It looks like lock.

sinnus 2009-11-09 14:02:23

Looks more like a delay to me. At one point you'll have to do some clean-up processing no? If you are concerned about the duration of your activity in this particular process, you can always use other processes and split the job, no?

jldupont 2009-11-09 14:07:32

Yeah. You right, I can split the job if clean-up routine will take a lot of time.

sinnus 2009-11-09 14:11:39

+1 A:

This is how I handle sessions in my pet "web framework".

Worker processes directly look up existing sessions and create new sessions into an ets table (without any server intervention). Also worker processes check after successful lookup if the session is dead. If so, it creates a new session, and deletes the old one. As the ets table need not be ordered, write concurrency can be enabled.

The role of the "session server" is to own the session table, and to spawn a cleanup process every now and then. This is a low prio process that goes through the ets table with ets:next() calls, and deletes expired sessions.

Note that there are no timers involved.

Zed 2009-11-09 14:08:53

Why does worker process create session? In web application http request creates session.

sinnus 2009-11-09 14:17:37

@Zed: this time around you are cryptic.

jldupont 2009-11-09 14:39:47

By worker process I meant the process who is actually handling the http request itself. E.g. in mochiweb the one who is executing the registered loop function.

Zed 2009-11-09 15:24:52

Anyway, my point is that there's no reason to use timers at all. Dead sessions do not cause extra system load or memory usage; then why bother with killing them so accurately with timers for each session?

Zed 2009-11-09 16:34:32

@Zed: another part of application can depend on life cycle of session. For example, online information or messaging system based on http.

sinnus 2009-11-09 18:16:33

What is the timeout value you use for your sessions?

Zed 2009-11-09 19:25:13

@Zed: What do you mean?

sinnus 2009-11-10 06:05:52

@sinnus: After how long inactivity do you treat a session as expired?

Zed 2009-11-10 07:23:49

@Zed: It's configurable parameter. Default value is 5 minute.

sinnus 2009-11-10 21:05:47

+3 A:

Use timer:send_after, timer:exit_after or timer:kill_after. timer module uses ets for store timers and there is only one gen_server for whole VM. Store timer reference in each session record for timer restarting or so. It is simple and clean solution.

Hynek -Pichi- Vychodil 2009-11-09 15:52:47

You right but each timer handler will be invoked withing new process. If many handlers are called at once, many processes will be created.

sinnus 2009-11-09 20:37:21

Why use a machine gun to kill a fly?

jldupont 2009-11-09 22:38:27

Sorry, send_after doesn't create process. I mean timer:apply_after function.

sinnus 2009-11-10 06:13:35

You cant really go wrong with any of the suggested solutions as long as you dont have ginourmous numbers of sessions. And what im saying with that is that you should benchmark.

The timer module is implemented as an ordered ets table where ets:first can efficiently find the first timer that should expire and sleep until that happens. So there is no problem in adding many thousand timers through the timer module. One per session.

If you have very many sessions, then the problem of having a fail safe design is likely a larger issue. You would need to distribute your session database so requests can be load balanced and you're not vulnerable to any one web server machine going down.

And that is how specific I feel one can be without the functional requirements.

Christian 2009-11-09 16:54:54

ansaurus

tags:

views:

answers:

Erlang: Session management and timeout

related questions