Laravel: Should I Choose HHVM or PHP-FPM

My conclusion:
HHVM beats PHP-FPM by 20% to 45% in both requests per second and average response time.

Well, if you also include database operations, the time margin should be around the same (the percentage may differ though), considering both HHVM and PHP-FPM consume about the same time for database operations.

I ran the test for Lumen 5.2 and Laravel 5.2 using Apache Bench. The PHP version used is 5.6.13 and the Nginx version is 1.4.6.

If you are curious about “even better performance for Laravel”, try ReactPHP+Nginx (refer to http://marcjschmidt.de/blog/2014/02/08/php-high-performance.html) because Laravel's bootstrap code is then run just once at server startup, instead of on each request (see also https://github.com/php-pm/php-pm). But there is a fatal drawback: if your code throws an uncaught exception, your server dies. There are also other drawbacks, such as having to reload the server on code changes and potential memory leaks.

If you need the test results / source code, just contact me. I don’t feel like putting them on this blog.

Unify Laravel Authentication / Session Across Apps

Question: Is it possible to have single-login authentication for multiple Laravel apps on the same domain?

Condition: Laravel stores the session in two places: client-side in an encrypted HTTP cookie and server-side in an (optionally) encrypted key-value store.

Idea: Make each app read the same session on both the client side and the server side, and make sure both applications read the same ‘users’ table.

How to unify client side:

  1. Open config/session.php
  2. Find ‘cookie’ parameter
  3. By default the value should be ‘laravel_session’. It’s okay to leave it as is, or you can change it to another name if you want. Just note that this value must be the same across applications
  4. Open .env
  5. Set the same 32-character APP_KEY for each application

How to unify server side (using redis as session manager):

  1. Install redis (if you have not)
  2. Install predis package (if you have not)
  3. Open .env
  4. Change CACHE_DRIVER to redis for each application

That’s all, folks!

Well, there are other configurations to think of, such as cookie domain, cookie path, session encryption, and redis clustering. You should look into them if you need to.

Struggling with Laravel 5.0 Password

I was developing “a Laravel 5.0 system”. At first, there was no problem with authentication.

After 5 months of development, the login feature turned out to be broken. The last time I remember, it was fine. So I tried logging in with my own account and I could log in normally. Then the developer pointed out that only newly registered users were not able to log in.

Then I opened the users table, took my bcrypt-ed password and tested it online. It turned out my old account could be verified and my newly created account could not be verified. Then I looked into the registration file at app/services/registar.php and dd-ed some variables, and tested the bcrypted password online. Then I tried dd-ing the bcrypted password (without inserting it into the Laravel model) and it was fine!

Look man, the password changes anytime I change the password on User Eloquent model

So, my first conclusion was that the password stored in the User Eloquent model is different from the specified value.

apt-get update && apt-get upgrade
No Luck.

Then I suspected Laravel changed my password abruptly. I tested storing the password using plain text, and tested the hash, and it was verified!

So, the conclusion is that Laravel calls the bcrypt function upon password assignment without developer consent, which is weird I think, as they changed the behavior and that caused my 5 months of code to break.

The fix is easy, just change

'password' => bcrypt($data['password']),

into

'password' => $data['password'],
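
The symptom in this post, a stored hash that stops verifying once it is assigned to the model, is what hashing twice produces: once by bcrypt() in the registrar and once more on assignment. The sketch below is an added example, not code from the original post or from Laravel; the User class, its setPasswordAttribute mutator and the looksHashed helper are hypothetical stand-ins, and the password is a constructed sample.

```php
<?php
// Hypothetical stand-in for a model that hashes the password on assignment.
class User
{
    private $attributes = [];

    // Eloquent-style mutator: whatever value is assigned gets bcrypt-hashed.
    public function setPasswordAttribute($value)
    {
        $this->attributes['password'] = password_hash($value, PASSWORD_BCRYPT);
    }

    public function getPassword()
    {
        return $this->attributes['password'];
    }
}

// Check to run before hashing anywhere: is the input already a password hash?
function looksHashed($value)
{
    return !empty(password_get_info($value)['algo']);
}

$plain = 'correct horse battery staple'; // constructed sample password

// Registrar before the fix: hash first, then assign, so the model hashes again.
$preHashed = password_hash($plain, PASSWORD_BCRYPT);
$broken = new User();
$broken->setPasswordAttribute($preHashed);

// Registrar after the fix: assign the plain value and let the model hash once.
$fixed = new User();
$fixed->setPasswordAttribute($plain);

// The user's password checked against the double-hashed value (the failing login).
var_dump(password_verify($plain, $broken->getPassword()));
// The intermediate hash checked against the stored value (a hash of a hash).
var_dump(password_verify($preHashed, $broken->getPassword()));
// The user's password checked against the single-hashed value.
var_dump(password_verify($plain, $fixed->getPassword()));

// The guard tells the two kinds of input apart.
var_dump(looksHashed($preHashed), looksHashed($plain));
```

Hash in exactly one place: if the model hashes on assignment, every code path that sets the password has to pass the plain value, and if that mutator is ever removed, the same code stores plain text.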