Storing sessions in Memcached: The pitfalls

Some projects have a lot of web servers, and they need a Memcached server to store the non-sticky sessions. So, the users can access the web servers without any session problems.

One fine day…

Suddenly, some users face log out problems while everything is going right with your project.

You decided to analyze your code right away. Everything is ok with your code.
Most probably, Memcached deletes your users’ session data.

How so?

Let’s say; X user logged into the website and his session data has written to the Memcached server. Right after, hundreds of users logged into the website and there was no sufficient memory space in the Memcached server. The X user’s session data has deleted and that’s why the user has logged out.

Well, why Memcached deleted his session data?

For instance; You have set up 64 MB (example value) memory in the Memcached server. The all 64 MB memory space is in-use. Memcached would be applying LRU (Least Recently Used) to keys.

When Memcached applies the LRU algorithm, X user’s session will be deleted from the Memcached server’s memory.

Another problem; Memcached doesn’t support persistent storage. Therefore, if you shut down and start Memcached for some reason (configuration changes, restart OS, hardware upgrade etc.) then you will lose the session data. So, your users will lose their sessions while they are using the website. It might be an unpleasant experience for your clients.

If you don’t want to lose the sessions then you will have to store the sessions in a database that supports persistent storage.