This document describes Schibsted Payment's migration from a PHP implementation to a Node.js implementation for handling session check requests. The PHP implementation was slow and caused bottlenecks due to unnecessary loading. The new Node.js implementation using Nginx and MongoDB achieved a throughput of 7 million requests over 20 minutes during load testing, representing a major performance increase. Some challenges were encountered with reading PHP sessions in Node.js, cluster module stability, and unstable modules.

1. HIGH PERFORMANCE SESSION
CHECKS
Mikael Lindström
Schibsted Payment

2. WHAT IS OUR SESSION CHECKS?




Javascript SDK send a session check request
SPiD backend extracts the cookie
Fetches session, client and user objects from MongoDB
Business logic validates the session and checks that the
client has access to the user
 Updates the session timestamp in MongoDB
 Returns some json data in a jsonp container

3. OLD IMPLEMENTATION
 PHP - implementation
 MongoDB – sessions and clients

4. PROBLEM
 Our PHP implementation does a lot of bootstrapping
 Loads and initiates unnecessary functionality for each
request
 Huge amount of requests to this specific endpoint
becomes a bottleneck
 Potentially called for each pageview on our clients.

5. NEW IMPLEMENTATION
 Nginx – ssl termination
 Node.js – implementation
 MongoDB – sessions and clients

6. TEST MACHINE




HP gen 8 blade
14 node worker processes
14 nginx processes
MongoDB session database
 Testing using LoadImpact (loadimpact.com)

7. RESULTS
 20 minutes
 7 million requests
 36 cups of coffee

8. PROBLEMS




Reading PHP sessions in node is hard
Cluster module unstable
Callback hell
Some modules we used was a bit unstable

9. CONCLUSION
 Solution was more complex than we initially thought. We
could have benefitted from a framework.
 Callbacks vs promises and yields
 Huge performance increase
 Bottleneck today is Nginx (ssl termination)
 ssl termination in Load Balancer

10. QUESTIONS?