问题
I make use of session_set_save_handler(). It works fine. However, sometimes I need to alter user's session data. I simply expected that the session data passed to write function are internally created like this:
serialize($_SESSION);
But they are not. They have this slightly different format than simple PHP serialized data:
user|a:24:{s:2:"id";s:2:"12";s:5:"email";s:19:...CUT...;}last_activity_time|i:1310535031;logged_everywhere|b:1;
Anybody knows what kind of serialization is internally used for serializing $_SESSION data for write function in session_set_save_handler() ? Or even better, if there is some unserialize and serialize function I can use to work with this data ?
回答1:
Please take a look at the PHP-Dokumentation for session_decode and session_encode. You will find complete samples for unserializing and serializing session strings in the comments.
回答2:
here's my 2 cents on this issue with php's internal serializer. it's not really parse-able outside of the user's session. So when I used session_set_save_handler() so I can save my session data to a database, and inside my write method, I can access the $_SESSION object, thus, I can save the serialized $_SESSION object to my database, then read or alter it there. The only drawback is, that if it's altered, it wont be a modification to the internal session data used by php.
This at least gives you parse-able access to the current user's session data, although, not the object.
function _write($id, $data)
{
if ($data == "")
{
return true;
}
global $database_connection;
global $table_prefix;
$clean_data = base64_encode(serialize($_SESSION));
$access = time();
$id = mysql_real_escape_string($id);
$access = mysql_real_escape_string($access);
$data = base64_encode($data);
$sql = "REPLACE
INTO " . $table_prefix . "sessions
VALUES ('$id', '$access', '$data', '$clean_data')";
return mysql_query($sql, $database_connection);
}
来源:https://stackoverflow.com/questions/6674676/what-kind-of-serialization-uses-php-function-session-set-save-handlers-write-fu