MongoSession is a PHP session handler wrapped around MongoDB. It can be used as a replacement for standard, cookie-based sessions. The MongoSession PHP session handler class was built as a drop-in for easily switching to handling sessions using Mongo. It's a great replacement to memcache(d) for VPS servers where you risk memory being reshuffled in the pool and taking performance hits. There are currently inherent risks in using MongoDB as your session handler that you can read more about.

Fork me on GitHub


Based on a new blog post entitled MongoDB Performance & Durability, you should be made fully aware that MongoDB versions greater than 1.4.4 risk corrupting or losing session data. There are no guarantees of 100% reliability. Certain preventative measures are available to reduce this risk. Possibilities include setting up a replica pairs (replica sets are available in 1.6+). Alot of the concerns are minor when we’re talking about simple user login validation. You might be risking a maximum of losing a minute’s worth of data in the worst case and forcing a re-login.

Two boolean constants were added to the library which allow you to specify whether you’d like to increase the consistency of the session handler. You may toggle both FSYNC and SAFE to ensure session data is written to disk before returning.

A user has reported that the default session handler uses file locking to avoid race conditions. He linked to a great article, Race Conditions with AJAX and PHP Sessions, which spells out the issue and the possible negative outcomes of not implementing locking. I have recently updated the library to support atomic operations on both session writes and garbage collection to help prevent these race conditions.


Basic usage for a single MongoDB database on localhost is as simple as the following:

More advanced setups including sharding, replication, or multiple MongoDB servers will require you to pass a configuration array to the class. An example of the configuration array is as follows:


MongoSession is currently hosted on Github.

  • git clone
  • git clone [email protected]:cballou/MongoSession.git
  • wget
  • wget


If you have any problems with MongoSession, please file a ticket/issue/bug on Github and I will attempt to address it at my earliest convenience.

MongoSession Issues on Github


MongoSession is licensed under the MIT License

The MIT License is simple and easy to understand and it places almost no restrictions on what you can do with TextCounter.

You are free to use MongoSession in commercial projects as long as any copyright headers and license file are left intact.


  • Jan 6, 2014
    Renaming new secure cookie config settings to match other settings.
  • Dec 30, 2013
    Merged pull request to support cookie security flags "secure" and "http-only".
  • Mar 1, 2013
    Merged pull request to support deletion of session as "safe" is now deprecated.
  • May 9, 2012
    Merged pull requests to fix session locking, update and upsert operations, and updated replicaset configuration to use the replicaset name.
  • May 11, 2011
    Fix syntax highlighting in README.
  • Jan 18, 2011
    Merged in pull request bug fixes to support newer versions of MongoDB.
  • Jul 19, 2010
    Updating the session handler to support atomic update operations on both write and garbage collection. Also removed the unnecessary secondary id field and index.
  • Jul 1, 2010
    Initial commit of repository.

About the Author

is a full-stack web applications developer in Charlotte, NC with 9+ years professional experience. He holds a bachelors degree in Computer Science and has been working remotely since 2012. He specializes in LAMP/LEMP stack development with Laravel and WordPress. Corey is the owner and principal consultant at Craft Blue, a custom web applications development consultancy. He's also the co-organizer of the Queen City PHP meetup group in Charlotte. He is an entrepreneur, blogger, open source contributor, beer lover, startup advocate, chicken wrangler, hydroponics gardening dabbler, and homebrewer.

Corey works with agencies, startups, and businesses.

Contact Corey to see how Craft Blue can help you.