PHP :: Bug #37578 :: unserialize_callback_func in htaccess has no effect

Bug #37578	unserialize_callback_func in htaccess has no effect
Submitted:	2006-05-24 13:32 UTC	Modified:	2006-05-24 15:30 UTC
From:	tacker@php.net	Assigned:
Status:	Not a bug	Package:	Class/Object related
PHP Version:	5.1.4	OS:	Gentoo Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tacker@php.net
New email:
PHP Version:		OS:

New Comment:

[2006-05-24 13:32 UTC] tacker@php.net

Description:
------------
Using unserialize_callback_func in a htaccess has no effect. The required classes do not get loaded.

Reproduce code:
---------------
** .htacces
php_value unserialize_callback_func "myCallBack"
php_flag session.auto_start On

** index.php
<?php

    function __autoload($class)
    {
        require_once './' . $class . '.php';
    }

    function myCallBack($class)
    {
        __autoload($class);
    }

    if (isset($_GET['kill'])) {
        session_destroy();
        session_start();
    }

    echo '<pre>';
    echo 'unserialize_callback_func: ' . ini_get('unserialize_callback_func') . "\n";

    echo '$_SESSION: ' . "\n";
    print_r($_SESSION);

    if (!isset($_SESSION['test'])) {
        $_SESSION['test'] = new MyClass;
        echo 'Created a ' . get_class($_SESSION['test']) . "\n";
        echo '$_SESSION: ' . "\n";
        print_r($_SESSION);
    }

    echo '<p><a href="?kill=true">Kill session</a></p>';
    echo '<p><a href="' . $_SERVER['PHP_SELF'] . '">Reload</a></p>';
    echo '</pre>';

?>

** MyClass.php
<?php

    class MyClass
    {
        public $test = 'TestValue';
    }

?>

Expected result:
----------------
During unserialization myCallBack should be called and a complete MyClass object should exist.

$_SESSION = Array
(
    [test] => MyClass Object
        (
            [test] => TestValue
        )

)

Actual result:
--------------
$_SESSION = Array
(
    [test] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => MyClass
            [test] => TestValue
        )

)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-05-24 13:43 UTC] mike@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

As you use session.auto_start and no script has been executed when the session starts PHP knows nothing about that callback.

[2006-05-24 14:04 UTC] tacker@php.net

Ok. But I don't understand why it shouldn't work in the future.

Why are objects in the session unserialized before the script has been parsed?

If I set unserialize_callback_func to a value in a htaccess then PHP knows about it and should call it.

[2006-05-24 14:09 UTC] tacker@php.net

The "test" can be downloaded here:
http://m.tacker.org/blog/wp-content/uploads/2006/05/bug_37578.tgz

[2006-05-24 15:30 UTC] mike@php.net

Speaking in PHP code you're actually doing:

session_start();
ini_set("unserialize_callback_func", "myCallback");

Anyway, this is a support question, not a bug.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jul 04 06:01:38 2025 UTC