FYI, a common issue that people run into after setting up Magento for Redis Sessions is running into this error
Error: Warning: session_start(): Failed to read session data: user (path: /var/lib/php/sessions) in /var/www/html/vendor/magento/framework/Session/SessionManager.php on line 206
This happens when a user opens more than 6 sessions in quick succession. For example, clicking multiple links Frontend/Backend. The default configuration is max sessions per user is “6”. Which is very low and should be tweaked higher based on what your server can handle.
It’s a message that’s logged every time you start Redis. They indicate that you should optimise your Redis Configuration for better performance. That’s beyond the scope of my expertise and what we cover here. You’ll need to head over to https://serverfault.com/ or something like that to get advice from someone who works in DevOps.
Fine-tuning your web server for optimal performance is someones ongoing job and not a one-size-fits-all set-and-forget task. You could literally hire someone part time if you really wanted to go down that rabbit hole. The same could be said for optimising Apache, PHP and a whole host of other services that run on a web server.
That’s normal and the documentation may be out of date. It was added in 2.3.1 according to the release notes.
Magento now sets the id_prefix option on prefix cache keys for the cache frontend during installation. If this option is not set, Magento uses the first 12 bits of the md5 hash of the absolute path to the Magento app/etc directory. But if this value is not exactly the same on all web servers, cache invalidation will not work. Fix submitted by Fabian Schmengler in pull request 18641 . GitHub-15828
Yes, you can apply a password to Redis but I don’t know how.
I was asked I think to enter my pass but It didn’t work when I used auth my_redis_password.
I’m happy to send some screenshot to support it. The message.
For now, I disabled the password commenting it back with # but I’m planning to revisit it.
In the meantime can you pls inform me whether using not passworded Redis my site is exposed to an attack or the password secure the server only from someone who already hacked and has access to the server and can change its setting.
i.e. I or someone can access the server using magento server user and then try to change Redis setting?
You see the site works fast but I don’t want to make it unsecure.
Anyway, if someone gains access to your server then Redis is the least of your problems. Don’t forget, that your Password is stored in the redis.conf file anyway.
It’s my understanding that setting up a Redis password is something that you only need if you run Redis on a seperate server (which large companies do). As a matter of fact, most large sites have their Web Application, Redis, MySQL, ElasticSearch, etc on their own servers. But those types of companies obviously don’t come here.