userialize bug?

Re: userialize bug?


Harris Kosmidis wrote:[color=blue]
> Hello, I use php4.4.1 and when a user log in I use a class which stores
> some info for the user. I serialize the class in a session variable.
> I later on read the session var and unserializd to check for certain
> user info.[/color]

Since all information that is stored in session variables is
automatically serialized, you don't have to serialize it yourself.

Try just storing the class without doing the serialize and retrieve it
without doing the unserialize and see what happens.

Ken

Re: userialize bug?

Ken Robinson wrote:[color=blue]
> Harris Kosmidis wrote:
>[color=green]
>>Hello, I use php4.4.1 and when a user log in I use a class which stores
>>some info for the user. I serialize the class in a session variable.
>>I later on read the session var and unserializd to check for certain
>>user info.[/color]
>
>
> Since all information that is stored in session variables is
> automatically serialized, you don't have to serialize it yourself.
>
> Try just storing the class without doing the serialize and retrieve it
> without doing the unserialize and see what happens.
>
> Ken
>[/color]

I don't quite undrstand. What I want is to use the same class (with the
same vars filled in upon login) in many pages. That's why I use session
vars and serialize.
Is there a limit on how many bytes a SESSION var can store? (though my
data are less than 5Kb). And why doesn't this fail in php4.2?

Re: userialize bug?

Harris Kosmidis said the following on 10/09/2005 09:26:[color=blue]
> Ken Robinson wrote:
>[color=green]
>>Harris Kosmidis wrote:
>>
>>[color=darkred]
>>>Hello, I use php4.4.1 and when a user log in I use a class which stores
>>>some info for the user. I serialize the class in a session variable.
>>>I later on read the session var and unserializd to check for certain
>>>user info.[/color]
>>
>>
>>Since all information that is stored in session variables is
>>automatical ly serialized, you don't have to serialize it yourself.
>>
>>Try just storing the class without doing the serialize and retrieve it
>>without doing the unserialize and see what happens.
>>[/color]
>
> I don't quite undrstand. What I want is to use the same class (with the
> same vars filled in upon login) in many pages. That's why I use session
> vars and serialize.[/color]

The point is, you don't need to use serialize() and unserialize(), just
assign the class object to the session variable directly, i.e.:

$_SESSION["obj"] = $obj;

...

$obj = $_SESSION["obj"];


Beware the warning in the manual:

"Some types of data can not be serialized thus stored in sessions. It
includes resource variables or objects with circular references (i.e.
objects which passes a reference to itself to another object)."


--
Oli