2

I make use of session_set_save_handler(). It works fine. However, sometimes I need to alter a user's session data. I simply expected that the session data passed to the write function are internally created like this:

serialize($_SESSION);

But they are not. They have a slightly different format from simple PHP serialized data:

user|a:24:{s:2:"id";s:2:"12";s:5:"email";s:19:...CUT...;}last_activity_time|i:1310535031;logged_everywhere|b:1;

Does anybody know what kind of serialization is used internally for serializing $_SESSION data for the write function in session_set_save_handler()? Or even better, is there some unserialize and serialize function I can use to work with this data?

Frodik

2 Answers

3

Please take a look at the PHP documentation for session_decode and session_encode. You will find complete samples for unserializing and serializing session strings in the comments.

Timo Haberkern
0

Here's my 2 cents on this issue with PHP's internal serializer. It's not really parse-able outside of the user's session. So I used session_set_save_handler() so I can save my session data to a database, and inside my write method I can access the $_SESSION object; thus, I can save the serialized $_SESSION object to my database, then read or alter it there. The only drawback is that if it's altered, it won't be a modification to the internal session data used by PHP.

This at least gives you parse-able access to the current user's session data, although not the object.

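// Write callback registered through session_set_save_handler().
function _write($id, $data)
{
    // Nothing to store for an empty session.
    if ($data == "")
    {
        return true;
    }

    global $database_connection;
    global $table_prefix;

    // Plain serialize() copy of the session, readable later with unserialize().
    $clean_data = base64_encode(serialize($_SESSION));
    $access = time();

    $id = mysql_real_escape_string($id);
    $access = mysql_real_escape_string($access);
    // $data is PHP's own session-encoded string, base64-encoded for storage.
    $data = base64_encode($data);

    // One row per session id: id, last access time, raw session string, plain copy.
    $sql = "REPLACE
        INTO " . $table_prefix . "sessions
        VALUES ('$id', '$access', '$data', '$clean_data')";

    return mysql_query($sql, $database_connection);
}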
DragonZero
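
An added example, not part of either answer: a standalone decoder and encoder for the key|serialized-value format shown in the question. Unlike session_decode(), it does not write into the current $_SESSION, and it refuses serialized objects. The function names php_value_len, session_unpack and session_pack are this example's own, and the sample string is constructed.

```php
<?php // Added example (hypothetical function names): codec for the default "php" session format.
function php_value_len(string $s, int $p): int    // bytes used by the value at offset $p
{
    $type = $s[$p] ?? '';
    $colon = $p + 2 <= strlen($s) ? strpos($s, ':', $p + 2) : false;
    $num = $colon === false ? -1 : (int) substr($s, $p + 2, $colon - $p - 2);
    if (in_array($type, ['N', 'b', 'i', 'd'], true) && ($semi = strpos($s, ';', $p)) !== false) {
        return $semi - $p + 1;                     // N;  b:1;  i:42;  d:0.5;
    } elseif ($type === 's' && $num >= 0) {
        return $colon - $p + $num + 4;             // s:<len>:"<bytes>";
    } elseif ($type === 'a' && $num >= 0) {        // a:<count>:{<key><value>...}
        for ($q = $colon + 2, $i = 0; $i < 2 * $num; $i++) {
            $q += php_value_len($s, $q);           // keys and values alternate
        }
        return $q - $p + 1;                        // +1 for the closing "}"
    }
    throw new UnexpectedValueException("unsupported or truncated value at byte $p");
}

function session_unpack(string $raw): array
{
    $vars = [];
    for ($p = 0; $p < strlen($raw); $p = $bar + 1 + $len) {
        if (($bar = strpos($raw, '|', $p)) === false) {
            throw new UnexpectedValueException("no '|' delimiter after byte $p");
        }
        $len = php_value_len($raw, $bar + 1);
        $value = unserialize(substr($raw, $bar + 1, $len), ['allowed_classes' => false]);
        if ($value === false && substr($raw, $bar + 1, $len) !== 'b:0;') {
            throw new UnexpectedValueException("corrupt value for key at byte $p");
        }
        $vars[substr($raw, $p, $bar - $p)] = $value;
    }
    return $vars;
}

function session_pack(array $vars): string
{
    $raw = '';
    foreach ($vars as $key => $value) {
        if (strpos((string) $key, '|') !== false) {    // "|" would move the key boundary
            throw new InvalidArgumentException("session key contains '|'");
        }
        $raw .= $key . '|' . serialize($value);
    }
    return $raw;
}
$vars = session_unpack('user|a:1:{s:2:"id";s:2:"12";}logged_everywhere|b:1;'); // constructed sample
echo session_pack(array_replace($vars, ['logged_everywhere' => false])), "\n";
```

With session.serialize_handler set to php_serialize (PHP 5.5.4 and later), the write callback receives plain serialize($_SESSION) output and no custom parser is needed.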