PHP store objects in $_SESSION

Question

I'm new in PHP and I'm trying to save objects in the $_SESSION. I've actually read this post, but i need to store something.

I used serialize($myObject) to put it into the $_SESSION but when I get it using unserialize() I get the following message: Warning: unserialize() expects parameter 1 to be string, object given in... The curious thing is that on my local machine with PHP 5.4 it works. On the host where PHP 5.2 is installed, it doesn't work. I call start_session() and I instantiate new MyObject() before calling unserialize....

However ißm a little confused. In some post i read that PHP serialize and unserialize object by itself, so i would not need to call it. Other post says that i MUST call it.

How can i solve this issue?

EDIT: I'm still confused regarding the different behavior of PHP 5.2 and 5.4. The following code prints out different results:

$inner = '';
if (isset($_GET['inner'])){
var_dump(1);
    $inner = $_GET['inner'];
} else if (isset($_GET['lang']) === true && isset($_SESSION['inner'])){
    $inner = $_SESSION['inner'];
var_dump(2);
} else {
    unset($_SESSION['inner']);
var_dump(3);
}
var_dump($inner);

if ($inner == 'editpwd'){
    $_SESSION['inner'] = 'editpwd';

} else if ($inner == 'browseparks'){
    $_SESSION['inner'] = 'browseparks';

} else if ($inner == 'browsetricks'){
    $_SESSION['inner'] = 'browsetricks';

}

by executing it, in both cases the same if-branch is executed, but the value of 'inner' differs.

Just check $_SESSION if it is a OBJECT, if it isn't then unserialize it. It could be possible that on PHP ver 5.2 the object doesn't get unserialized but it does get unserialized on PHP ver 5.4. — Mordalthunder, Nov 18 '13 at 10:13
You shouldn't need to `serialize()` when storing an object in a session (it already does this for you behind the scenes), the only thing you need is to have the class definitions loaded on `session_start()`, or loadable via autoload functionality. If you have unserializable resources in your object (file pointers etc.), just define a proper `__wakeup()` function. — Wrikken, Nov 18 '13 at 11:15
At each call i initialize my classes and then call start_session(). If i put my object without serialize(), and than i check the stored var in the session using var_dump, i get 'string'... — Emaborsa, Nov 18 '13 at 11:20
"In some post i read that PHP serialize and unserialize object by itself, so i would not need to call it. Other post says that i MUST call it." Have set up a test case and tried that with your PHP version? — feeela, Nov 18 '13 at 11:20
I haven't seen a PHP version for 7 years where I had to `serialize()` objects myself. Unless you are using a custom session handler instead of the default one, this shouldn't be an issue. If it is for you, please create a testcase with the minimal amount of code needed to show the error, the PHP version you are currently using, and the `session` portion of the output of `phpinfo()`. — Wrikken, Nov 18 '13 at 11:42
I did a test case...and you're right. Serialize() is not needed. But how is it possbile that the pages work corrrectly on my apache but un the host it is different? Im using the SESSION to store the user login... Actually i don't get warnings nor errors. It simply doesn't keep the 'user' var in the session. — Emaborsa, Nov 18 '13 at 12:24
I solved it, in a point of my code i initilized a variable thit the same name as that i set to SESSION['user'] and i SUPPOSE that this variable overrided the other one. Is it possible? Is it also possible that two verisions of PHP handle this stuff in two differents ways? — Emaborsa, Nov 18 '13 at 12:41

PHP store objects in $_SESSION

0 Answers0