Welcome Guest, Not a member yet? Register   Sign In
Error with _unserialize in Session.php

Hi, after almost five hours of debugging I've come upon something strange.

My problem was that once I enabled the session library the application could only load as long there were no cookie set.
Everytime a cookie was set the application would just show a blank page, at first I thought it had to do with my Apache configuration and the header. Absolutely nothing was logged in apache, php etc.

I finally tracked it down to the Session.php core file.
After trying my way down the methods, I found that
$data = @unserialize(strip_slashes($data));
would just kill the application without warning or display errors.

Right now I've just done a quick fix and removed both serialize and unserialize with a json_encode and json_decode.
Works like a charm.

Anyone else had the same problem or now what could be the reason of this?

You could be running out of room to store your sessions. If you are only using cookies, they can only hold 4k of data (that's after it's encrypted - which is larger than preenctyption). So if it's too big, your data will get truncated in the cookie and then it can't unserialize it because it's an incomplete serialized string now.

This can be avoided by using the db for storing your sessions as it's not limited to the cookie size as then it's only storing the session hash in the cookie instead of the data. This is a lot more secure as well since you can't snoop/alter the data in the cookie.

I don't think that's the problem as I used the database and the size of the cookie was around 860 bytes.
I also printed the serialized string and nothing was trimmed of.

Interesting. I'd play with the session settings like the cookie name.

Theme © iAndrew 2016 - Forum software by © MyBB