NYCPHP Meetup

NYPHP.org

[nycphp-talk] Passing Objects Via Session in PHP 4

Phillip Powell phillip.powell at adnet-sys.com
Mon Sep 27 16:07:53 EDT 2004 

Dan Cech wrote:

> Phillip Powell wrote:
>
>> Dan Cech wrote:
>>
>>> 1. You don't need to manually serialize stuff you put into the 
>>> session through $_SESSION, php automatically serializes and 
>>> unserializes the $_SESSION array for you.
>>
>>
>> Ok I'm sorry I have to ask this: Why is it specific to just $_SESSION 
>> that it auto-serializes anything you put into it? Phil
>
>
> To understand this you need to have an understanding of how the 
> session mechanism actually works in PHP.
>
> Basically, the $_SESSION variable is just that; a variable, but it is 
> special for 2 reasons.
>
> 1. It is an autoglobal like $_GET, $_POST, etc.
>
> 2. PHP knows that you want anything you put into $_SESSION to be 
> accessible throughout the whole session.


Both of which I already know, however, that alone does not intuitively 
tell me that if you put something into $_SESSION that it will 
auto-serialize. 

>
> After the request has completed and the page has been sent to the 
> user, PHP takes the contents of the $_SESSION variable and serializes 
> it. This serialized value is then passed to the session handler 
> function for storage.
>
> The session handler built into php is 'files', which writes the 
> serialized string to a file in the directory defined in the 
> session_save_path ini setting.  You can also define your own session 
> handlers (See: http://php.net/session_set_save_handler)


Right.  It will save $_SESSION as a flat file with content.  That also 
does not tell me it will auto-serialize, otherwise, so will this:

fputs($fileID, array('hello', 'world'));

>
> When PHP receives another request for the same session, it will 
> retrieve and automatically unserialize the session data, placing the 
> unserialized array into the $_SESSION variable ready for your script 
> to use.
>
> So, the serializing it automatically done by php behind the scenes, 
> you don't have to do any of it.
>
> Dan

That's cool, however, what happens when you do serialize it anyway?  
I've been doing so in PHP 4.3.2 with cool results:

$_SESSION['myArray'] = serialize($myArray);
print_r(unserialize($_SESSION['myArray'])); // LOOKS LIKE AN ARRAY TO ME

It just seems too "random" for anyone to know that you never have to 
serialize anything into $_SESSION, although your explanations are fine.  
That's up there with knowing about "=@" IMHO.

Phil

> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>


-- 
---------------------------------------------------------------------------------
Phil Powell
Multimedia Programmer
BPX Technologies, Inc.
#: (703) 709-7218 x107 
Fax: (703) 709-7219

More information about the talk mailing list