Is there a way to find out what is using PHP sessions or spawning PHP processes?
My Wordpress site gets heavy traffic (3.5 million hits per month). We discovered recently that we had permissions set incorrectly for a long time, meaning nothing could access PHP sessions. Unfortunately, after we fixed permissions, we found that tons of PHP processes are being spawned rapidly and the server goes completely unresponsive. It won't even come back from health check. It's a dedicated Nginx server in AWS and nothing else is running on it. What we see is that dozens of PHP processes start and keep growing. The issue doesn't happen if we again "break" the PHP session permissions, so have determined that something in Wordpress (probably a plugin?) is using PHP session excessively.
We can't reproduce in dev because it only happens under the high load of the production site, with hundreds of users hitting the site at once. Due to Wordpress requirements to have a bunch of database entries be the same as the domain it runs on, our dev environment is just a different IP that we access by changing our hosts file to point to it. It's not publicly accessible for us to use a service to simulate load.
But, due to the high user base it's not really feasible to just turn off all the plugins, as the site would completely break without them. We can't rely on backtracking recent changes because the permissions have been broken for months, so have no idea what to even roll back.
Is there a way to find out what is using PHP sessions in WordPress? Or alternatively, what is spawning PHP processes? If we could determine that, I think we'd find the root cause.
Is there a way to find out what is using PHP sessions or spawning PHP processes?
My Wordpress site gets heavy traffic (3.5 million hits per month). We discovered recently that we had permissions set incorrectly for a long time, meaning nothing could access PHP sessions. Unfortunately, after we fixed permissions, we found that tons of PHP processes are being spawned rapidly and the server goes completely unresponsive. It won't even come back from health check. It's a dedicated Nginx server in AWS and nothing else is running on it. What we see is that dozens of PHP processes start and keep growing. The issue doesn't happen if we again "break" the PHP session permissions, so have determined that something in Wordpress (probably a plugin?) is using PHP session excessively.
We can't reproduce in dev because it only happens under the high load of the production site, with hundreds of users hitting the site at once. Due to Wordpress requirements to have a bunch of database entries be the same as the domain it runs on, our dev environment is just a different IP that we access by changing our hosts file to point to it. It's not publicly accessible for us to use a service to simulate load.
But, due to the high user base it's not really feasible to just turn off all the plugins, as the site would completely break without them. We can't rely on backtracking recent changes because the permissions have been broken for months, so have no idea what to even roll back.
Is there a way to find out what is using PHP sessions in WordPress? Or alternatively, what is spawning PHP processes? If we could determine that, I think we'd find the root cause.
As far as I know, WP doesn't use PHP Sessions, only Native solution (Storing Session data of logged-in users in DB). Perhaps some other additional functionality (plugin/addon/theme) use it?
What you can do is check whats in sessions files. Search for occurrences of keys you found in sessions in your code base. Localize problem and solve it.
There another way around would be to switch sessions to memory (install memcached server and reroute session to be served by memcached)
3.5 Million users per month is 5-6 users per seconds on average. It's not so much for nginx/php/mysql with WP installed (only heavy SQL queries can be your other bottleneck but it doesn't sound like the case now).
Add debugging statements to your theme's functions.php
add_action('init', 'debug_sessions');
function debug_sessions() {
if (isset($_SESSION)) {
error_log('Sessions are being used!');
}
}
Enable WordPress debug mode by adding the following lines to your wp-config.php file
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
wp-content/debug.log file. Check this log file for any entries related to PHP sessions.
I think you're ideally going to need server-level access to monitor that kind of thing as it is related to HTTP(s) traffic. You could reach out to your hosts, or if you run your own server, look at a traffic monitoring module for it.
$_SESSION? When you say permissions were set incorrectly, what was the issue and with which folders? This implies that file writes are a potential culprit, check the PHP error logs for warnings from before you fixed the permissions – Tom J Nowell ♦ Commented Apr 11, 2018 at 17:03