GET_LOCK and database sessions causing issues with AWS serverless database

You might want to consider using redis (AWS elasticache) for sessions. It would require you install phpredis and then create application/libraries/MY_Session.php as below

You might want to tweak some of the settings for your environment. Then you don't need to rely on the mysql locking (or mysql in general) for sessions.

Redis can be setup mutli-az also so if it fails the other one will take over.

PHP Code:

<?php
class MY_Session extends CI_Session 
{
 public function __construct(array $params = array())
 {
 $CI =& get_instance();
 
 //Settings for redis sessions
 ini_set('session.save_handler','redis');
 $redis_host = isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost' ? '127.0.0.1:6379' : 'REDIS-URL.com:6379';
 ini_set('session.save_path','tcp://'.$redis_host.'?prefix=APPSESSION:');
 ini_set('redis.session.locking_enabled',1);
 
 //How long should the lock live (in seconds)? Defaults to: value of max_execution_time.
 ini_set('redis.session.lock_expire',60);
 
 //How long to wait between attempts to acquire lock, in microseconds (µs)?. Defaults to: 2000
 ini_set('redis.session.lock_wait_time',10000);
 
 //Maximum number of times to retry (-1 means infinite). Defaults to: 10
 ini_set('redis.session.lock_retries',150);
 
 // No sessions under CLI
 if (is_cli())
 {
 log_message('debug', 'Session: Initialization under CLI aborted.');
 return;
 }
 elseif ((bool) ini_get('session.auto_start'))
 {
 log_message('error', 'Session: session.auto_start is enabled in php.ini. Aborting.');
 return;
 }
 
 // Configuration ...
 $this->_configure($params);
 $this->_config['_sid_regexp'] = $this->_sid_regexp;

 // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers
 if (isset($_COOKIE[$this->_config['cookie_name']])
 && (
 ! is_string($_COOKIE[$this->_config['cookie_name']])
 OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']])
 )
 )
 {
 unset($_COOKIE[$this->_config['cookie_name']]);
 }

 session_start();

 // Is session ID auto-regeneration configured? (ignoring ajax requests)
 if ((empty($_SERVER['HTTP_X_REQUESTED_WITH']) OR strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest')
 && ($regenerate_time = config_item('sess_time_to_update')) > 0
 )
 {
 if ( ! isset($_SESSION['__ci_last_regenerate']))
 {
 $_SESSION['__ci_last_regenerate'] = time();
 }
 elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
 {
 $this->sess_regenerate((bool) config_item('sess_regenerate_destroy'));
 }
 }
 // Another work-around ... PHP doesn't seem to send the session cookie
 // unless it is being currently created or regenerated
 elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
 {
 setcookie(
 $this->_config['cookie_name'],
 session_id(),
 (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
 $this->_config['cookie_path'],
 $this->_config['cookie_domain'],
 $this->_config['cookie_secure'],
 TRUE
 );
 }

 $this->_ci_init_vars();
 log_message('info', "Session: Class initialized using native php."); 
 }
 
} 


Also if you want to migrate session from database to redis add this to the bottom of index.php while you are still using database sessions. Let it run like this for a day or so to move your sessions to redis. Then when you make the switch you don't log anyone out.

PHP Code:

//Keep storing data in redis sessions
$redis = new Redis();
$redis_host = isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost' ? '127.0.0.1' : 'REDIS-URL.com:6379';
$redis->connect($redis_host, 6379);
$redis->set("APPSESSION:".session_id(), session_encode(),(int)ini_get('session.gc_maxlifetime'));