You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Session serialization of php is not the same as the functions serialize() and unserialize() prior to php version 5.5.4.
If you use Zend Framework 2 for example, $_SESSION becomes a multi-dimensional array and that is being serialized in such a way that it is incompatible with the phpserialize library.
Since php 5.5.4, you have the option php_serialize which uses the plain serialization functions of php. This will make sure that the session data is serialized with php's serialize() and resolves the issue of phpserialize not being able to process this weird serialization of the default method. Click here for more information about the ini setting.
Perhaps it is a good idea to add this sidenote to the documentation.
The text was updated successfully, but these errors were encountered:
That does indeed seem very much worth documenting, thanks. If you or anyone else wants to submit a PR with this explanation (basically a verbatim quotation of what you've written would be great), I would happily accept it.
Session serialization of php is not the same as the functions
serialize()
andunserialize()
prior to php version 5.5.4.If you use Zend Framework 2 for example,
$_SESSION
becomes a multi-dimensional array and that is being serialized in such a way that it is incompatible with thephpserialize
library.Here is an example:
__ZF
andDefault
are actually just key names in the$_SESSION
array. This is what the array looks like if you dovar_dump($_SESSION)
:Since php 5.5.4, you have the option
php_serialize
which uses the plain serialization functions of php. This will make sure that the session data is serialized with php'sserialize()
and resolves the issue of phpserialize not being able to process this weird serialization of the default method. Click here for more information about the ini setting.Perhaps it is a good idea to add this sidenote to the documentation.
The text was updated successfully, but these errors were encountered: