PHP requests one by one or simultaneously

Question

I have got some questions about PHP and how requests work under the hood.

1) Let's say I wrote my PHP application and upload it to server. Now there's a function that I wrote and if user goes to that route which executes that function, something happens.

Question is: if one user makes the request and another user also makes the request, does the second user have to wait until first user's request is done? (by saying request is done, I mean until the function I wrote gets executed through the end). Is this the correct guess or it doesn't matter which function gets executed. Until the request isn't done, the second request never starts?

2) I have my PHP application. Imagine two persons make the request at the same time which writes data to the database (not writing, but updating). Let's say I used load balancers. if one user makes request to balancer1 and another user makes request to balancer2, what I want to do is if first user's call updates the database, second user's request has to stop immediately (it shouldn't be updated).

The scenario is that I have jwt token in my database which is used to do requests on third party tool. it has expiration 1 hour. Let's say 1 hour has passed. If one user makes the call to update the token and in the way second user also makes the call to update the token, what will happen is second user will update the token and first user's token will be invalid, which is bad.

Answer 1

PHP can handle multiple requests at the same time, but requests from the same user will be processed one by one if the user's PHP session is locked by the first request. Second request will be proceeded when session would be closed.

For example, if you run a PHP script with sleep(30) in one browser tab:

<?
session_start();

sleep(30);

And another script in another tab:

<?
session_start();

echo 'hello';

The second script won't be executed until the first one is finished.

It's important to note this behavior because sessions are used in almost every app.

Answer 2

1. If you have a route which is served by a controller function, for each request there is a separate instantiation of the controller. For example: user A and user B request same route laravel.com/stackoverflow, the controller is ready to respond to each request, independent of how many users are requesting at the same time. You can consider similar as a principle of processes for any service. For example, Laravel is running on PHP. So PHP makes process threads each time we need PHP to process any script. Similarly Laravel instantiates the controller for each request.
2. For same user sending multiple requests, it will be still processed like point 1.
3. If you want to process particular requests one by one, you can queue the jobs. For example let us say you want to process a payment. You have 5 requests happening. So the controller will be taking all requests simultaneously but the controller function can dispatch a queued job and those are processed one by one.
4. Considering two persons try to request same route which has an DB update function, you can read a nice article here about optimistic and pessimistic locking.

Answer 3

I should be voting to close this - its way too broad....but I'll give it a go.

If the requests depend on a resource which can only perform one task at a time, then they cannot "run" concurrently. It is quite possible you may have a single CPU core, or a single disk - however at the level of the HTTP request (in the absence of code to apply mutex locking) they will appear to run at the same time - that is what multi-tasking is all about. The execution thread will often be delayed waiting for something else to happen and at that point the OS task scheduler will check to see if there are any other tasks waiting to be run. You can easily test this yourself:

 <?php

 $started=time();
 sleep(20);
 print "Ran for " . (time() - $started) " seconds";

(try accessing this in different browser windows around the same time - or in 2 iframes on the same window)

Compare this with:

 <?php

 $started=time();
 $fh=fopen("/tmp/concurency_test", "w");
 flock($fh, LOCK_EX);
 sleep(20);
 flock($fh, LOCK_UN);
 print "Ran for " . (time() - $started) " seconds";

This also demonstrates just one of the reasons why you should not use flat files for storing data on your server. Note that the default session handler in PHP uses file based locking for the duration the session data is open by the script.

Databases employ a variety of strategies to avoid reverting to single operation queuing - most commonly versioning. That does not address the problem you describe: 2 clients should never be using the same session token - that is why the session token is seperate from the credentials in a well designed system.