All geek questions in one place

How to unserialize session data in a custom handler

I used sessionHandlerInterface to save the session to the database. Everything is working fine. but I want to get all serialized data from a database, for example

 SELECT data FROM session;

and you want them to decode the data when I output it. I tried using session_decode() , which manipulates the $_SESSION , which causes problems. I just want to get serialized data and return decoded data.

This is an example of session data stored in a database in the data column.

fb_422782977793963_code | s: 216: "AQAVKa4Q8sOuioW75V9Ls-cDUEizgJDX5ZkRVLArDlroFvvhasdwKvbyzKEwiMVrN7nc5ghMaw0W67jQu5kt_sc_Edm9sABzB5PakdkUpXr52AViTOltPfPBQHM9T-JoGOQ4gasdbssC8Xt93NKFvdV7XRZ7ZYGZqIsu5SFpfFBHK_hNGDdRVbnbe_xUZVP9WI4h0jDy"; fb_422782977793963_access_token | S: 111: "AAAGAhasdaAKL7hAvXRv6FHUj1Tk24r7j4NqDwWWUzmXDZA2Igsb1pHjuP4jbBRNKfeYzutm0MFmgxuKPg1n0NEbvZAXM3bwoNZDZi; fb_422782977793963_user_id | S: 15: β€œ100004835469598”; images | S: 61: "HTTP: // m- static.ak.fbcdn.net/rsrc.php/v2/yo/r/sdIqmHJn-SK.gif";

It works great with normal session processing, it reads and writes the session to the database, as it should be.

I want to get all the data of active sessions. if I use SELECT data FROM session. it returns the above session data (encoded), I want to get its decoded data.

+3
source share
1 answer

PHP serialize and unserialize cannot be used to serialize and unserialize session data. Even if (by default - and only by default) serialization may look similar, there is an important difference between these two functions, which take care of only one variable content:

Those [sessions] are a list of serialized values ​​with their variable name.

(from: Serialized README )

So, you need to create your own session_unserialize function, which will be able to decode the string (for example, via session_decode ) that is returned from your database. Make sure everyone needs this, for example. if the session contains serialized objects, you must define class definitions.

An session_unserialize function might look like (taken from: a session-related response ):

 function unserialize_session($data) { $hasBuffer = isset($_SESSION); $hasBuffer && $buffer = $_SESSION; session_decode($data); $session = $_SESSION; $hasBuffer ? $_SESSION = $buffer : unset($_SESSION); return $session; }
+2
source

Source: https://habr.com/ru/post/1440045/

More articles:


All Articles