Edit report at https://bugs.php.net/bug.php?id=43980&edit=1
ID: 43980
Comment by: tklingenberg at lastflood dot net
Reported by: rhm31 at cam dot ac dot uk
Summary: Difficult to unserialize session data in user
session save function
Status: Open
Type: Feature/Change Request
Package: Session related
Operating System: *
PHP Version: *
Block user comment: N
Private report: N
New Comment:
If you want to encode something else (e.g. an array with keys as variable
names), you can just mimic the PHP session handler by:
<?php
$encoded = '';
foreach($array as $name => $value)
{
$encoded .= $name.'|'.serialize($value);
}
?>
Ensure that the serialize handler as well as the session serialize handler is
"PHP". Decoding is not that simple however, you would require a library
https://github.com/ktomk/Serialized as of now.
To have another tool in the box, a decode/encode function pair with a parameter
of type "variable" array (like $_SESSION) and a parameter type string with the
name of the serialize handler would be useful, maybe even two function pairs,
one for session (variable list) and one for the actual values (un/serialize)
but I think this won't work for the serially encoded values out of the box, so
you always need to unserialize all, which means instantiation of objects etc..
Previous Comments:
------------------------------------------------------------------------
[2008-03-17 15:12:00] rhm31 at cam dot ac dot uk
>From the documentation:
session_encode
(PHP 4, PHP 5)
session_encode Encodes the current session data as a string
Description
string session_encode ( void )
This signature is wrong, since it assumes you want to encode the current
$_SESSION variable, but sometimes you don't want to and you want to encode
something else.
This is not specific to PHP4 only.
------------------------------------------------------------------------
[2008-03-17 00:47:58] [email protected]
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.
------------------------------------------------------------------------
[2008-01-30 02:49:47] rhm31 at cam dot ac dot uk
Description:
------------
A custom session handler has a save function, which is given an opaque piece of
session data. No functions are provided to modify this data, even though this
can be useful in some cases.
As a workaround, session_decode and session_encode can be used. However, there
are some problems:
1. BUG:session_start() must be called in the save function; presumably because
in the save handler the session is already closed.
2. HARD TO USE:The functions do not simply take a string and return an array or
vise-versa; instead they work directly on the $_SESSION array. This means you
cannot easily use them for generic purposes.
A function that implements decode_session below could be added to the standard
library, and the existing functions deprecated, since this function subsumes
them.
Also, a similar function for encode_session.
Reproduce code:
---------------
function decode_session($session_string)
{
$current_session=session_encode();
foreach($_SESSION as $key => $value)
{
unset($_SESSION[$key]);
}
session_decode($session_string);
$restored_session = $_SESSION;
foreach ($_SESSION as $key => $value){
unset($_SESSION[$key]);
}
session_decode($current_session);
return $restored_session;
}
Expected result:
----------------
The session_string to be decoded and returned as an array.
Actual result:
--------------
An empty array is returned with no error message when above function is called
from a session save handler.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=43980&edit=1
