Is there a way to find out what is using PHP sessions or spawning PHP processes?
My WordPress site gets heavy traffic (3.5 million hits per month). We discovered recently that we had permissions set incorrectly for a long time, meaning nothing could access PHP sessions. Unfortunately, after we fixed permissions, we found that tons of PHP processes are being spawned rapidly and the server goes completely unresponsive. It won’t even come back from the health check. It’s a dedicated Nginx server in AWS and nothing else is running on it. What we see is that dozens of PHP processes start and keep growing. The issue doesn’t happen if we again “break” the PHP session permissions, so we have determined that something in WordPress (probably a plugin?) is using PHP sessions excessively.
We can’t reproduce in dev because it only happens under the high load of the production site, with hundreds of users hitting the site at once. Due to WordPress requirements to have a bunch of database entries be the same as the domain it runs on, our dev environment is just a different IP that we access by changing our hosts file to point to it. It’s not publicly accessible for us to use a service to simulate load.
But, due to the high user base, it’s not really feasible to just turn off all the plugins, as the site would completely break without them. We can’t rely on backtracking recent changes because the permissions have been broken for months, so we have no idea what to even roll back.
Is there a way to find out what is using PHP sessions in WordPress? Or alternatively, what is spawning PHP processes? If we could determine that, I think we’d find the root cause.