Can I store a class instance in a $_SESSION space?

Question

 Class User{

public $id;
public $username;
public $password;
public $email;
public $steam;
public $donator;
public $active;

public function __construct($username, $email, $password, $id, $active, $donator, $steam){
    $this->id = $id;
    $this->username = $username;
    $this->password = $password;
    $this->email = $email;
    $this->steam = $steam;
    $this->donator = $donator;
    $this->active = $active;
}}

is my class (simplified)

the following is my code:

$_SESSION['loggedIn'] = $user;

$user is a class instance of User

now this is what print_r($_SESSION['loggedIn']) shows me:

    __PHP_Incomplete_Class Object
(
    [__PHP_Incomplete_Class_Name] => User
    [id] => 22
    [username] => xxxx
    [password] => xxxx
    [email] => xxxx
    [steam] => 1234567
    [donator] => 0
    [active] => 1
)

in which xxxx are values that are correct.

but when i try to retrieve data from my session. like so: "$_SESSION['loggedIn']->username" it returns a null value to me.

possible duplicate of ["Storing A PHP Object In A Session Variable"](http://stackoverflow.com/questions/2042271/storing-a-php-object-in-a-session-variable), ["PHP Session with an Incomplete Object"](http://stackoverflow.com/questions/1055728/php-session-with-an-incomplete-object), ["Problem with PHP Session Object"](http://stackoverflow.com/questions/5348457/problem-with-php-session-object). — outis, Aug 16 '11 at 19:30
See also ["PHP: Storing 'objects' inside the $_SESSION"](http://stackoverflow.com/questions/132194/php-storing-objects-inside-the-session), ["Can I Store An Object In A Session?"](http://www.phpriot.com/articles/intro-php-sessions/8). — outis, Aug 16 '11 at 19:31
i would't do that. You could end up with old data, if, for example, the user uses another computer to change his email while logged in on another computer. Or if you delete the user from the database, your application would still think the user exists. Instead, I would store just the user id in the session, and retrieve the rest of the information from the database when handling requests from the user. — shesek, Aug 16 '11 at 19:39

score 16 · Accepted Answer · answered Aug 16 '11 at 18:41

16

You must first serialize the object in to a string:

$_SESSION['user'] = serialize($user);

and:

$user = unserialize($_SESSION['user']);

Just make sure that the class is first defined before unserializing the object.

answered Aug 16 '11 at 18:41

13

PHP will [serialize](http://svn.php.net/viewvc/php/php-src/trunk/ext/session/session.c?revision=314376&view=markup#l187) and [unserialize](http://svn.php.net/viewvc/php/php-src/trunk/ext/session/session.c?revision=314376&view=markup#l205) session variables automatically. The reason this answer works is the note about ensuring the class is defined before unserializing. – outis Aug 16 '11 at 19:41
@outis Could you provide a reference? The two links you posted are dead, but I'm looking for a reference that confirms that indeed serializing is done automatically. – Bram Vanroy Jun 27 '17 at 13:40
@Bram: the links were to the source code; specifically, ext/session/session.c. That's the only reference I'm aware of (there's a fair bit of PHP behavior that isn't documented). – outis Dec 19 '17 at 00:06

outis · Answer 2 · 2013-01-20T19:18:03.443

You can store objects in $_SESSION. PHP will serialize them for you. Just make sure the class is defined before calling session_start, or that it can be autoloaded. The reason the value stored in the session has type "__PHP_Incomplete_Class_Name" is that the User class wasn't defined when the object was unserialized during session loading (as explained in the PHP manual page on object serialization).

Resources can't be serialized. If you ever store an object that uses resources, implement __sleep and __wakeup to customize the serialization. PHP's serialization should be able handle all other types, even if they contain circular references.

score 2 · Answer 3 · answered Aug 16 '11 at 18:43

While on the same page, the session variable acts like just another vairable, so you can do with it what you want. THat's why you can store the object while still on that page.

Retrieving it later will actually show if it is fit for a session, which it is not in your case.

If you really need to save that object, you could try and save it as a serialized object, and unserialize it after retrieval. That should work, although I don't know if this is the best sollution / design. Passing objects around like this might be considered a bit...anti-pattern

score -1 · Answer 4 · answered Aug 16 '11 at 18:39

-1

$_SESSION variables seem to be only able to store arrays, numbers, and strings.

They cannot store a class object after you change to a new page.

answered Aug 16 '11 at 18:39

Naftali

144,921
39
244
303

ok, so what i could do is making an array in session? and fill that up with certain values retrieved from do-login.php? – sn0ep Aug 16 '11 at 18:42
@Toby, yes you could do that. – Naftali Aug 16 '11 at 18:48
Do you have a source for this, or is this a wrong answer (going from the other answers). – Bram Vanroy Jun 27 '17 at 13:42
@BramVanroy if you read the other answers (or at least the accepted one) they are only storing a string to a session and not an object – Naftali Jun 27 '17 at 14:28
Well, yes. A serialized object, which can then be unserialized back 'into' an object, right? Or am I missing the point of serializing and unserializing. – Bram Vanroy Jun 27 '17 at 15:51
That will only serialize data. But not actual object types etc – Naftali Jun 27 '17 at 15:56

Can I store a class instance in a $_SESSION space?

4 Answers4

Linked

Related