Shared nothing and PHP: what it means for modern frameworks
PHP was designed on the shared nothing principle: each request gets a clean process, no memory shared between requests. Frameworks like Laravel rely on this.
With Swoole, Hyperf, and Octane, this changes. State can leak between requests. What patterns do people use to stay safe?
The main rule: nothing mutable in static properties or global state. Service classes are fine if they are stateless. The problem is any class that stores request-specific data as an instance property in a singleton.
In Hyperf, Coroutine::getContext() gives you a coroutine-local storage that is cleaned up when the coroutine ends. That is how it replaces things like superglobals and request-scoped state.
Authentication state is the most common leaker. If your auth middleware stores the user in a static property for convenience, the next request in the same worker will see the previous user. Caught this bug in production.
Octane flushes the service container between requests for scoped bindings, but singletons persist. Know which of your services are bound as singletons and audit them for mutable state.
The safest rule: treat every service as if it runs in a worker that handles millions of requests in sequence. Any state that is not explicitly reset between requests will eventually cause a bug.
I wrote a static analysis rule for PHPStan that flags mutable static properties in classes registered as singletons. Catches about half the issues before they reach review.