Moodle sessions work like standard PHP sessions, the only differences are:

• we require locked sessions because we store critical information in them that can not get out of sync
• we use extra fields in session table to allow lookup of user session via ID or last modified time

The general data flow is:

1. request wants to start session
2. acquire lock, wait if already acquired
3. read session data and decode
4. execute some code
5. write session state back
6. release lock

Requirements:

• it must be 100% reliable - no data/session loss allowed
• locking is mandatory
• it has to deal with large data (thanks to current design of moodle)
• we want to get all sessions of one particular user
• we need to be able to drop all sessions
• we need to get list of sessions older than some date

Problems:

• at present we have only one fully functional driver (db sessions)
• it might be easier to create memcached driver backed by db session storage and locking first and see how much faster that is
• the session is sometimes ridiculously big, we should solve that asap