CodeIgniter Forums

Full Version: Session library and unserialize() error.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3

El Forum

[eluser]Twisted1919[/eluser]
My logs shows:
Code:
ERROR - 2011-02-06 20:37:49 --&gt; Severity: Notice  --&gt; unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset 0 of 214 bytes /xxx/yyy/zzz/yyy/sys/libraries/Session.php 722
ERROR - 2011-02-06 21:03:26 --&gt; Severity: Notice  --&gt; unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset 121 of 139 bytes /xxx/yyy/zzz/yyy/sys/libraries/Session.php 722

I am saving the session to database(CI Reactor), and the user_data field is MEDIUMTEXT so there is no way the issue is because of mysql truncating the record, so what it is ?

El Forum

[eluser]Twisted1919[/eluser]
The suspense is killing me, does anyone has an answer ? (Maybe the developers ?)

El Forum

[eluser]guidorossi[/eluser]
uhmm... wich PHP version are you using?


EDIT: check this out http://davidwalsh.name/php-serialize-unserialize-issues
Quote:It turns out that if there's a ", ', :, or ; in any of the array values the serialization gets corrupted.

El Forum

[eluser]MVUG[/eluser]
what CI version do you use? And what are you trying to unserialize, normal data or?

El Forum

[eluser]Twisted1919[/eluser]
Hi, I am using the 2.0 Reactor Version .
I am setting the session data like this:
Code:
$session_data=array(
'a'=>'b','c'=>'d','f'=>'g'
);
$this->session->set_userdata($session_data);
So there shouldn't be any error, but still it does.

El Forum

[eluser]MVUG[/eluser]
weird... already tried to install new CI again?

El Forum

[eluser]Twisted1919[/eluser]
Nope, i did not because i don't do things like this.
I know that all my libraries are up to date, so there is no use to make another install(and is not easy having in mind the complexity of the project).

Though, i extended the Session library like:
Code:
&lt;?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Session extends CI_Session{

    public function __construct()
    {
        parent::__construct();
    }
    
    /**
     * Update an existing session
     *
     * @access    public
     * @return    void
    */
    function sess_update()
    {
       // skip the session update if this is an AJAX call!
       if ( ! IS_AJAX )
       {
           parent::sess_update();
       }
    }
    
    // --------------------------------------------------------------------

    /**
     * Serialize an array
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('\\', '{{slash}}', $val);
                }
            }
        }
        else
        {
            if (is_string($data))
            {
                $data = str_replace('\\', '{{slash}}', $data);
            }
        }

        return base64_encode(serialize($data));
    }

    // --------------------------------------------------------------------

    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize($data)
    {
        $data = base64_decode($data);
        $data = @unserialize(strip_slashes($data));

        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('{{slash}}', '\\', $val);
                }
            }

            return $data;
        }

        return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
    }    

}

So now i am base64_encoding/decoding before before serialize/unserialize.
I need to do more tests to see if i receive the error again, if not i'll fill a bug report on this.

El Forum

[eluser]Twisted1919[/eluser]
Neah, the above solution is not valid, the issue is still open.


L.E: What is weird, is that if i copy the data from database and "unserialize" it, it gives no error whatsoever.

El Forum

[eluser]MVUG[/eluser]
[quote author="Twisted1919" date="1297281529"]Nope, i did not because i don't do things like this.
I know that all my libraries are up to date, so there is no use to make another install(and is not easy having in mind the complexity of the project).

Though, i extended the Session library like:
Code:
&lt;?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Session extends CI_Session{

    public function __construct()
    {
        parent::__construct();
    }
    
    /**
     * Update an existing session
     *
     * @access    public
     * @return    void
    */
    function sess_update()
    {
       // skip the session update if this is an AJAX call!
       if ( ! IS_AJAX )
       {
           parent::sess_update();
       }
    }
    
    // --------------------------------------------------------------------

    /**
     * Serialize an array
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('\\', '{{slash}}', $val);
                }
            }
        }
        else
        {
            if (is_string($data))
            {
                $data = str_replace('\\', '{{slash}}', $data);
            }
        }

        return base64_encode(serialize($data));
    }

    // --------------------------------------------------------------------

    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize($data)
    {
        $data = base64_decode($data);
        $data = @unserialize(strip_slashes($data));

        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('{{slash}}', '\\', $val);
                }
            }

            return $data;
        }

        return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
    }    

}

So now i am base64_encoding/decoding before before serialize/unserialize.
I need to do more tests to see if i receive the error again, if not i'll fill a bug report on this.[/quote]

Why are you base64 encoding/decoding here? There was an issue with CI and the serialize/unserializing of objects... In CI 2.0 this is fixed, check this code out: https://bitbucket.org/ellislab/codeignit...bb586e29d9

El Forum

[eluser]MVUG[/eluser]
mmm is this right?

Code:
return base64_encode(serialize($data));

shouldn't it be

Code:
return serialize(base64_encode($data));

You must first base64_encode your data and THEN serialize it. For unserialize you should unserialize and then base64_decode...
Pages: 1 2 3