Session Management

Session Handling

Deserted Chateau uses phpredis as a session handler, both for improved performance (versus storing sessions on the webservers themselves) and to enable centralised session management across multiple webservers.

Session regeneration and expiration

User session IDs are regenerated whenever they are over 30 minutes old. The old sessions are marked as obsolete and unlinked from Redis within 60 seconds via the EXPIRE command.

User agent filtering and session usage

Bots and crawlers that visit the site don't generally use cookies or otherwise remember session IDs, so they can cause large numbers of sessions on test environments where WAF isn't activated.