#43980 [->Opn]: Difficult to unserialize session data in user session save function

[rhm31 at cam dot ac dot uk]

 ID:               43980
 User updated by:  rhm31 at cam dot ac dot uk
 Reported By:      rhm31 at cam dot ac dot uk
-Status:           Wont Fix
+Status:           Open
 Bug Type:         Session related
 Operating System: Linux
-PHP Version:      4.4.8
+PHP Version:      5
 New Comment:

>From the documentation:

session_encode

(PHP 4, PHP 5)

session_encode — Encodes the current session data as a string
Description
string session_encode ( void )

This signature is wrong, since it assumes you want to encode the
current $_SESSION variable, but sometimes you don't want to and you want
to encode something else.

This is not specific to PHP4 only.


Previous Comments:
------------------------------------------------------------------------

[2008-03-17 00:47:58] [EMAIL PROTECTED]

We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.



------------------------------------------------------------------------

[2008-01-30 02:49:47] rhm31 at cam dot ac dot uk

Description:
------------
A custom session handler has a save function, which is given an opaque
piece of session data. No functions are provided to modify this data,
even though this can be useful in some cases.

As a workaround, session_decode and session_encode can be used.
However, there are some problems:
1. BUG:session_start() must be called in the save function; presumably
because in the save handler the session is already closed.
2. HARD TO USE:The functions do not simply take a string and return an
array or vise-versa; instead they work directly on the $_SESSION array.
This means you cannot easily use them for generic purposes.

A function that implements decode_session below could be added to the
standard library, and the existing functions deprecated, since this
function subsumes them.
Also, a similar function for encode_session.


Reproduce code:
---------------
function decode_session($session_string)
{
        $current_session=session_encode();
        foreach($_SESSION as $key => $value)
        {
                unset($_SESSION[$key]);
        }
        session_decode($session_string);
        $restored_session = $_SESSION;
        foreach ($_SESSION as $key => $value){
                unset($_SESSION[$key]);
        }
        session_decode($current_session);
        return $restored_session;
}

Expected result:
----------------
The session_string to be decoded and returned as an array.

Actual result:
--------------
An empty array is returned with no error message when above function is
called from a session save handler.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43980&edit=1