php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #54383 extend the usage of session_encode/session_decode
Submitted: 2011-03-25 16:16 UTC Modified: 2013-08-21 02:13 UTC
Votes:6
Avg. Score:4.2 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: tyra3l at gmail dot com Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 5.3.6 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tyra3l at gmail dot com
New email:
PHP Version: OS:

 

 [2011-03-25 16:16 UTC] tyra3l at gmail dot com 
Description:
------------
I always wondered about the rationale about the session_encode/decode in it's 
current form, but Chris Shiflett's blogpost made me to open this bugreport:
http://shiflett.org/blog/2011/mar/php-session-debugging

I would propose two changes:
- add a new optional array argument for session_encode, if it is passed, then 
encode that instead of the $_SESSION array.
- add a new optional boolean argument for session_decode, if that sets to true 
(default is false), then the decoded session array is returned instead of 
inserted to $_SESSION

obviously the documentation about the return variable for session_decode should 
also be updated to reflect this change.

this should be backward compatible change, but it would allow us to 
encode/decode an arbitary serialized session without the need to save and reload 
the contents of the current $_SESSION array.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-02 19:23 UTC] arraypad at gmail dot com 
The problem with this is that we currently expect the (possibly custom) serializer to work directly on the $_SESSION array. Changing this would be a big BC break in the session API.
 [2011-07-02 19:32 UTC] tyra3l at gmail dot com 
I don't see your point.
as I mentioned, this change would be backward compatible, because by default, the 
behavior would be the same, but it would be possible to encode/decode the session 
from/to an arbitary variable.

Tyrael
 [2011-07-02 20:13 UTC] arraypad at gmail dot com 
The BC break would be in the session serializer API. Serializers are expected to read directly from $_SESSION - the PS_ENCODE_LOOP macro is provided to facilitate this but it may not be used - and to write back to $_SESSION. Again we provide php_set_session_var() to facilitate this and the two serializers we bundle use it, but custom serializers may not.

We could provide this feature without the BC break by adding a separate interface, but it wouldn't work for any custom serializers (igbinary for example) until they were updated.

I think the current interface is poor, but I'm not convinced that adding another interface is the answer - I'd rather fix it and accept the BC break, but that would have to wait for a new major version.
 [2012-03-31 03:55 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-21 02:13 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2013-08-21 02:13 UTC] yohgaki@php.net 
php_serialize will be available from PHP 5.5.4.

http://git.php.net/?p=php-
src.git;a=commit;h=c51f77fe83cea3a48d89423863e6916b77628e47
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Oct 26 11:00:02 2025 UTC