Comprehensive summary of PHP timeout processing (1)_PHP tutorial
【Overview】
In PHP development, there are many situations where timeout processing is used. Let me talk about a few scenarios:
1. Asynchronous acquisition of data if If a certain back-end data source is not successfully obtained, it will be skipped without affecting the display of the entire page
2. In order to ensure that the web server will not be unable to access other pages due to poor processing performance of the current page, a certain back-end data source will be skipped. Some page operation settings
3. For some uploads or situations where the processing time is uncertain, all timeouts in the entire process need to be set to infinite. Otherwise, improper setting of any link will lead to inexplicable execution interruption
4. Multiple backend modules (MySQL, Memcached, HTTP interface), in order to prevent the performance of a single interface from being too poor, causing the entire front to obtain data too slowly, affecting the page opening speed and causing an avalanche
5 .. . . There are many occasions where timeouts are required
These places need to consider the setting of timeouts, but timeouts in PHP are divided into categories, and each processing method and strategy is different. For the purpose of describing the system, I have summarized the commonly used ones in PHP Summary of timeout handling.
[Web server timeout processing]
[Apache]
Generally, when performance is high, the default all timeout configurations are 30 seconds, but when uploading files or the network speed is very slow, a timeout operation may be triggered.
There are currently three timeout settings in apache fastcgi php-fpm mode:
fastcgi timeout setting:
Modify the fastcgi connection configuration of httpd.conf, similar to the following:
<ol class="dp-xml"> <li class="alt"><span><span class="tag"><span class="tag-name">IfModule</span><span> mod_fastcgi.c</span><span class="tag">></span><span> </span></span></span></li> <li><span> FastCgiExternalServer /home/forum/apache/apache_php/cgi-bin/php-cgi -socket /home/forum/php5/etc/php-fpm.sock </span></li> <li class="alt"><span> </span></li> <li><span> ScriptAlias /fcgi-bin/ "/home/forum/apache/apache_php/cgi-bin/" </span></li> <li class="alt"><span> </span></li> <li><span> AddHandler php-fastcgi .php </span></li> <li class="alt"><span> </span></li> <li><span> Action php-fastcgi /fcgi-bin/php-cgi </span></li> <li class="alt"><span> </span></li> <li><span> AddType application/x-httpd-php .php </span></li> <li class="alt"><span> </span></li> <li> <span class="tag"></span><span class="tag-name">IfModule</span><span class="tag">></span><span> </span> </li> </ol>
The default configuration is 30s. If you need to customize your own configuration, you need to modify the configuration, for example, change it to 100 seconds: (restart apache after modification):
<ol class="dp-xml"> <li class="alt"><span><span class="tag"><span class="tag-name">IfModule</span><span> mod_fastcgi.c</span><span class="tag">></span><span> </span></span></span></li> <li><span> </span></li> <li class="alt"><span> FastCgiExternalServer /home/forum/apache/apache_php/cgi-bin/php-cgi -socket /home/forum/php5/etc/php-fpm.sock -idle-timeout 100 </span></li> <li><span> </span></li> <li class="alt"><span> ScriptAlias /fcgi-bin/ "/home/forum/apache/apache_php/cgi-bin/" </span></li> <li><span> </span></li> <li class="alt"><span> AddHandler php-fastcgi .php </span></li> <li><span> </span></li> <li class="alt"><span> Action php-fastcgi /fcgi-bin/php-cgi </span></li> <li><span> </span></li> <li class="alt"><span> AddType application/x-httpd-php .php </span></li> <li><span> </span></li> <li class="alt"> <span class="tag"></span><span class="tag-name">IfModule</span><span class="tag">></span><span> </span> </li> </ol>
If it times out, 500 will be returned Error, disconnect from the backend php service, and record an apache error log:
<ol class="dp-xml"> <li class="alt"><span><span>[Thu Jan 27 18:30:15 2011] [error] [client 10.81.41.110] FastCGI: comm with server "/home/forum/apache/apache_php/cgi-bin/php-cgi" aborted: idle timeout (30 sec) </span></span></li> <li><span> </span></li> <li class="alt"><span>[Thu Jan 27 18:30:15 2011] [error] [client 10.81.41.110] FastCGI: incomplete headers (0 bytes) received from server "/home/forum/apache/apache_php/cgi-bin/php-cgi" </span></li> </ol>
Other fastcgi configuration parameter description:
<ol class="dp-xml"> <li class="alt"><span><span>IdleTimeout 发呆时限 </span></span></li> <li><span>ProcessLifeTime 一个进程的最长生命周期,过期之后无条件kill </span></li> <li class="alt"><span> </span></li> <li><span>MaxProcessCount 最大进程个数 </span></li> <li class="alt"><span> </span></li> <li><span>DefaultMinClassProcessCount 每个程序启动的最小进程个数 </span></li> <li class="alt"><span> </span></li> <li><span>DefaultMaxClassProcessCount 每个程序启动的最大进程个数 </span></li> <li class="alt"><span> </span></li> <li><span>IPCConnectTimeout 程序响应超时时间 </span></li> <li class="alt"><span> </span></li> <li><span>IPCCommTimeout 与程序通讯的最长时间,上面的错误有可能就是这个值设置过小造成的 </span></li> <li class="alt"><span> </span></li> <li><span>MaxRequestsPerProcess 每个进程最多完成处理个数,达成后自杀 </span></li> </ol>
[ Lighttpd ]
Configuration: lighttpd.conf
In the Lighttpd configuration, the parameters regarding timeout are as follows (for space consideration, only the read timeout is written, and the same is true for the write timeout parameter):
Mainly involves options:
<ol class="dp-xml"> <li class="alt"><span><span class="attribute">server.max-keep-alive-idle</span><span> = </span><span class="attribute-value">5</span><span> </span></span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-read-idle</span><span> = </span><span class="attribute-value">60</span><span> </span> </li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.read-timeout</span><span> = </span><span class="attribute-value">0</span><span> </span> </li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-connection-idle</span><span> = </span><span class="attribute-value">360</span><span> </span> </li> </ol>
<ol class="dp-xml"> <li class="alt"><span><span>-------------------------------------------------- </span></span></li> <li><span> </span></li> <li class="alt"><span># 每次keep-alive 的最大请求数, 默认值是16 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-keep-alive-requests</span><span> = </span><span class="attribute-value">100</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># keep-alive的最长等待时间, 单位是秒,默认值是5 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-keep-alive-idle</span><span> = </span><span class="attribute-value">1200</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># lighttpd的work子进程数,默认值是0,单进程运行 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-worker</span><span> = </span><span class="attribute-value">2</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># 限制用户在发送请求的过程中,最大的中间停顿时间(单位是秒), </span></li> <li><span> </span></li> <li class="alt"><span># 如果用户在发送请求的过程中(没发完请求),中间停顿的时间太长,lighttpd会主动断开连接 </span></li> <li><span> </span></li> <li class="alt"><span># 默认值是60(秒) </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-read-idle</span><span> = </span><span class="attribute-value">1200</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># 限制用户在接收应答的过程中,最大的中间停顿时间(单位是秒), </span></li> <li><span> </span></li> <li class="alt"><span># 如果用户在接收应答的过程中(没接完),中间停顿的时间太长,lighttpd会主动断开连接 </span></li> <li><span> </span></li> <li class="alt"><span># 默认值是360(秒) </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-write-idle</span><span> = </span><span class="attribute-value">12000</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># 读客户端请求的超时限制,单位是秒, 配为0表示不作限制 </span></li> <li><span> </span></li> <li class="alt"><span># 设置小于max-read-idle时,read-timeout生效 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.read-timeout</span><span> = </span><span class="attribute-value">0</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># 写应答页面给客户端的超时限制,单位是秒,配为0表示不作限制 </span></li> <li><span> </span></li> <li class="alt"><span># 设置小于max-write-idle时,write-timeout生效 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.write-timeout</span><span> = </span><span class="attribute-value">0</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span># 请求的处理时间上限,如果用了mod_proxy_core,那就是和后端的交互时间限制, 单位是秒 </span></li> <li><span> </span></li> <li class="alt"> <span class="attribute">server.max-connection-idle</span><span> = </span><span class="attribute-value">1200</span><span> </span> </li> <li><span> </span></li> <li class="alt"><span>-------------------------------------------------- </span></li> </ol>
Description:
For consecutive requests on a keep-alive connection, the maximum interval for sending the first request content is determined by the parameter max -read-idle determines, starting from the second request, the maximum interval for sending request content is determined by the parameter max-keep-alive-idle. The timeout between requests is also determined by max-keep-alive-idle. The total timeout for sending request content is determined by the parameter read-timeout. The timeout for Lighttpd to interact with the backend is determined by max-connection-idle.
Extended reading:
http://www.snooda.com/read/244
[ Nginx ]
Configuration :nginx.conf
<ol class="dp-xml"> <li class="alt"><span><span>http { </span></span></li> <li><span> </span></li> <li class="alt"><span> #Fastcgi: (针对后端的fastcgi 生效, fastcgi 不属于proxy模式) </span></li> <li><span> </span></li> <li class="alt"><span> fastcgi_connect_timeout 5; #连接超时 </span></li> <li><span> </span></li> <li class="alt"><span> fastcgi_send_timeout 10; #写超时 </span></li> <li><span> </span></li> <li class="alt"><span> fastcgi_read_timeout 10; #读取超时 </span></li> <li><span> </span></li> <li class="alt"><span> </span></li> <li><span> </span></li> <li class="alt"><span> #Proxy: (针对proxy/upstreams的生效) </span></li> <li><span> </span></li> <li class="alt"><span> proxy_connect_timeout 15s; #连接超时 </span></li> <li><span> </span></li> <li class="alt"><span> proxy_read_timeout 24s; #读超时 </span></li> <li><span> </span></li> <li class="alt"><span> proxy_send_timeout 10s; #写超时 </span></li> <li><span> </span></li> <li class="alt"><span>} </span></li> </ol>
Explanation:
Nginx’s timeout settings are very clear and easy to understand. The above timeouts are for different working modes, but there are many problems caused by timeouts.
Extended reading:
http://hi.baidu.com/pibuchou/blog/item/a1e330dd71fb8a5995ee3753.html
http://hi.baidu.com/ pibuchou/blog/item/7cbccff0a3b77dc60b46e024.html
http://hi.baidu.com/pibuchou/blog/item/10a549818f7e4c9df703a626.html
http://www.apoyl.com/ ?p=466
1

In PHP, you can use session_status() or session_id() to check whether the session has started. 1) Use the session_status() function. If PHP_SESSION_ACTIVE is returned, the session has been started. 2) Use the session_id() function, if a non-empty string is returned, the session has been started. Both methods can effectively check the session state, and choosing which method to use depends on the PHP version and personal preferences.

Sessionsarevitalinwebapplications,especiallyfore-commerceplatforms.Theymaintainuserdataacrossrequests,crucialforshoppingcarts,authentication,andpersonalization.InFlask,sessionscanbeimplementedusingsimplecodetomanageuserloginsanddatapersistence.

Managing concurrent session access in PHP can be done by the following methods: 1. Use the database to store session data, 2. Use Redis or Memcached, 3. Implement a session locking strategy. These methods help ensure data consistency and improve concurrency performance.

PHPsessionshaveseverallimitations:1)Storageconstraintscanleadtoperformanceissues;2)Securityvulnerabilitieslikesessionfixationattacksexist;3)Scalabilityischallengingduetoserver-specificstorage;4)Sessionexpirationmanagementcanbeproblematic;5)Datapersis

Load balancing affects session management, but can be resolved with session replication, session stickiness, and centralized session storage. 1. Session Replication Copy session data between servers. 2. Session stickiness directs user requests to the same server. 3. Centralized session storage uses independent servers such as Redis to store session data to ensure data sharing.

Sessionlockingisatechniqueusedtoensureauser'ssessionremainsexclusivetooneuseratatime.Itiscrucialforpreventingdatacorruptionandsecuritybreachesinmulti-userapplications.Sessionlockingisimplementedusingserver-sidelockingmechanisms,suchasReentrantLockinJ

Alternatives to PHP sessions include Cookies, Token-based Authentication, Database-based Sessions, and Redis/Memcached. 1.Cookies manage sessions by storing data on the client, which is simple but low in security. 2.Token-based Authentication uses tokens to verify users, which is highly secure but requires additional logic. 3.Database-basedSessions stores data in the database, which has good scalability but may affect performance. 4. Redis/Memcached uses distributed cache to improve performance and scalability, but requires additional matching

Sessionhijacking refers to an attacker impersonating a user by obtaining the user's sessionID. Prevention methods include: 1) encrypting communication using HTTPS; 2) verifying the source of the sessionID; 3) using a secure sessionID generation algorithm; 4) regularly updating the sessionID.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

SublimeText3 Chinese version
Chinese version, very easy to use

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
