[PHP-DEV] Re: User defined session serialize handler

Yasuo Ohgaki Fri, 23 Jan 2015 18:37:34 -0800

Hi all,

Additional comments.


On Sat, Jan 24, 2015 at 11:28 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

> php.ini :
>  There is "session.serialize_handler" (Default: php) "user" will be added,
> but user must use
>  session_set_serialize_handler() just like session_set_save_handler().
>
> I also would like to php_serialize handler as the default serializer and
> make php/php_binary deprecated.
>
> php/php_binary serializers are made to work with register_globals and have
> many limitations.
> e.g. Integer key not allowed, key cannot start with number, delimiter
> chars are invalid and
> ignored, etc. php_serialize does not have such limitations at all.
>

php_serialize uses plain PHP serialize/unserialize for $_SESSION. i.e.
Serialized data is the same
as serialize($_SESSION).  php_serialize is introduced from PHP 5.5.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

[PHP-DEV] Re: User defined session serialize handler

Reply via email to