Edit report at https://bugs.php.net/bug.php?id=43980&edit=1
ID: 43980 Updated by: [email protected] Reported by: rhm31 at cam dot ac dot uk Summary: Difficult to unserialize session data in user session save function Status: Open Type: Feature/Change Request Package: Session related Operating System: * PHP Version: * -Assigned To: +Assigned To: yohgaki Block user comment: N Private report: N New Comment: I think next release should have new handler encode with plain serialize and set it to default. This will lead to BC problems certain users, but current implementation is legacy one for supporting global session variables. Previous Comments: ------------------------------------------------------------------------ [2011-10-04 22:59:38] tklingenberg at lastflood dot net If you want to encode something else (e.g. an array with keys as variable names), you can just mimic the PHP session handler by: <?php $encoded = ''; foreach($array as $name => $value) { $encoded .= $name.'|'.serialize($value); } ?> Ensure that the serialize handler as well as the session serialize handler is "PHP". Decoding is not that simple however, you would require a library https://github.com/ktomk/Serialized as of now. To have another tool in the box, a decode/encode function pair with a parameter of type "variable" array (like $_SESSION) and a parameter type string with the name of the serialize handler would be useful, maybe even two function pairs, one for session (variable list) and one for the actual values (un/serialize) but I think this won't work for the serially encoded values out of the box, so you always need to unserialize all, which means instantiation of objects etc.. ------------------------------------------------------------------------ [2008-03-17 15:12:00] rhm31 at cam dot ac dot uk >From the documentation: session_encode (PHP 4, PHP 5) session_encode Encodes the current session data as a string Description string session_encode ( void ) This signature is wrong, since it assumes you want to encode the current $_SESSION variable, but sometimes you don't want to and you want to encode something else. This is not specific to PHP4 only. ------------------------------------------------------------------------ [2008-03-17 00:47:58] [email protected] We are sorry, but we can not support PHP 4 related problems anymore. Momentum is gathering for PHP 6, and we think supporting PHP 4 will lead to a waste of resources which we want to put into getting PHP 6 ready. ------------------------------------------------------------------------ [2008-01-30 02:49:47] rhm31 at cam dot ac dot uk Description: ------------ A custom session handler has a save function, which is given an opaque piece of session data. No functions are provided to modify this data, even though this can be useful in some cases. As a workaround, session_decode and session_encode can be used. However, there are some problems: 1. BUG:session_start() must be called in the save function; presumably because in the save handler the session is already closed. 2. HARD TO USE:The functions do not simply take a string and return an array or vise-versa; instead they work directly on the $_SESSION array. This means you cannot easily use them for generic purposes. A function that implements decode_session below could be added to the standard library, and the existing functions deprecated, since this function subsumes them. Also, a similar function for encode_session. Reproduce code: --------------- function decode_session($session_string) { $current_session=session_encode(); foreach($_SESSION as $key => $value) { unset($_SESSION[$key]); } session_decode($session_string); $restored_session = $_SESSION; foreach ($_SESSION as $key => $value){ unset($_SESSION[$key]); } session_decode($current_session); return $restored_session; } Expected result: ---------------- The session_string to be decoded and returned as an array. Actual result: -------------- An empty array is returned with no error message when above function is called from a session save handler. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=43980&edit=1
