php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47088 Problems w/ session_set_save_handler when changing $_SESSION from a function
Submitted: 2009-01-13 12:41 UTC Modified: 2009-01-14 09:26 UTC
From: guido_jansen at gmx dot de Assigned:
Status: Closed Package: Session related
PHP Version: 5.2.8 OS: Win XP
Private report: No CVE-ID: None
View Developer Edit
 [2009-01-13 12:41 UTC] guido_jansen at gmx dot de 
Description:
------------
I'm using a custom save handler to store my session information in a database.

The save handler is much like the one on 
http://www.zend.com/zend/spotlight/code-gallery-wade8.php

Everything works fine except one thing

If I change the $_SESSION from within a function, then the argument which should contain the session_data is emtpy

Reproduce code:
---------------
session_start();
session_set_save_handler( [...] array(&$ses_class, '_write' [...]);

// ...

$_SESSION['a'] = 'b';

function temp() {
 $_SESSION['c'] = 'd';
}

// ...
session_write_close(); // this will call custom _write function

-------------------------------------
class Session() {
// ...
function _write($id, $data) {
var_dump($data);    // <---- here is the output
// ...
}
// ...
}

Expected result:
----------------
Inside the custom session write function, the second argument should dump as

string(20) "a|s:1:"b";c|s:1:"d";"

Actual result:
--------------
Actually the output is

string(0) ""

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-14 03:49 UTC] typoon at gmail dot com 
I am unable to reproduce the issue on PHP 5.2.8 (cli) and am unable to reproduce on PHP 5.3.0alpha4 on both Windows XP and Linux.
Please try the code below and see if you see the issue. Perhaps you have some code problem there?
In case you still see the issue, please provide more details on how and where you are executing the code

<?php

class SessionClass {
    
    public function _open($save_path, $session_name) {}
    public function _close() {}
    public function _read($id) { return true; }
    public function _write($id, $session_data) {
        var_dump($session_data);
    }
    public function _destroy($id) {}
    public function _gc($max) {}


}

$ses_class = new SessionClass();

if (!session_set_save_handler(array(&$ses_class,'_open')
                            ,array(&$ses_class,'_close')
                            ,array(&$ses_class,'_read')
                            ,array(&$ses_class,'_write')
                            ,array(&$ses_class,'_destroy')
                            ,array(&$ses_class,'_gc'))) {

    die("Unable to set handlers");
}

session_start();
//echo "Session id is: ".session_id()."\n";

$_SESSION['a'] = 'b';

function temp() {
 $_SESSION['c'] = 'd';
}

temp();

session_write_close(); // this will call custom _write function
 [2009-01-14 09:26 UTC] guido_jansen at gmx dot de 
This is not a bug, it was a problem with the content of the session array. I used a key which contains a '|' (pipe) character.

This is not an allowed character for a session key, because PHP uses this in the process of serializing session variables into ONE string.

The function issue is not reproducable, so this was not the problem.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 02 03:01:35 2025 UTC