Like many, our startup began by storing sessions in MySQL (InnoDB). This has become inefficient -- basically requiring us to write to the database on every page load.<p>Many people suggest using Memcached to store sessions but one of the core memcached developers recommends against that here: http://bit.ly/dZCT<p>Storing sessions in a cache is not really what they were designed for: caches can evict data, and if you only have one memcached instance, your sessions would be contending for space with the rest of your cached variables.<p>My question is: what do you use to store sessions on your high-traffic application where speed matters? What is the very best solution to this problem? What do places like Facebook do here?
As someone that ran a company for a number of years that sold solutions for session storage, the best solution is not to store them...<p>Encode your state in cookies instead. Of course, that's much easier said then done, especially given the size limits, but if you can, then it's an awesome approach.<p>A good way to make this work is to identify what in your session is a cache of other data (e.g. your user record) and what is actually true session data (e.g. the user id). You only need store the former, the latter can be cached in memcached.<p>Cookies are sent on every request, so you probably need to use an asset domain for best performance.<p>Don't forget to make sure that your cookies are secure. That's been pretty well covered recently, but I think it involves typing A-E-S or something like that :-)