CI 1.7 Session Bug within object storage

[eluser]hSATAC[/eluser]
I don't know whether it's a bug or what.
I would store a object in session sometimes, like this.

Code:

$this->session->set_userdata('session_name', $object);

before 1.7, it worked just fine. But when I trying to upgrade my application to CI 1.7, it came wrong.

It will cause error messages like this:

A PHP Error was encountered

Severity: 4096

Message: Object of class stdClass could not be converted to string

Filename: libraries/Session.php

Line Number: 715

When I digged into 1.7 Session library, I found the problem.

Fixed a bug in the Session class that was disallowing slashes in the serialized array.

There are some new functions in Session library.

GOTO line 683 and line 714,

Code:

$data[$key] = str_replace('{{slash}}', '\\', $val);

When $val is a object, it came wrong, just replace this line with

Code:

if(!is_object($val))    $data[$key] = str_replace('{{slash}}', '\\', $val);

For those who got the same problem, this is my solution.
Hope there will be a hotfix soon.

[eluser]Randy Casburn[/eluser]
So I'm not the only one. I also mentioned this problem. Your report is much more clearly stated as I was so focused on my very specific problem (I was casting my data to an object prior to storing).

My mention of this is here: http://ellislab.com/forums/viewthread/94906/

Perhaps the Dereks are watching? Some of us are throwing objects into the user_data storage area. We're having the hack the core of 1.7.0 (or extend it) in order to work around your "slash templating".

Is this worth looking into?

Randy

[eluser]Brant[/eluser]
@hSATAC

Could you please post the _unserialize and _serialize functions as you have them changed. I am having the same issue. I plan on creating a MY_Session with those to functions to fix the problem until v1.7.1 comes out. Thanks.

[eluser]hSATAC[/eluser]
This is my _serialize() and _unserialize() functions:

Code:

function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] = str_replace('\\', '{{slash}}', $val);
            }
        }
        else
        {
            $data = str_replace('\\', '{{slash}}', $data);
        }
        
        return serialize($data);
    }

    function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] = str_replace('{{slash}}', '\\', $val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}', '\\', $data);
    }

I also made my own hotfix for this problem.

I made a session_fix library extends the original Session library,
only overrides these two functions.

Get my code from here
and put it into /system/application/libraries/Session_fix.php

Load this library with a CI 1.7 new feature:

Code:

$this->load->library('session_fix', '', 'session');

Now it's done!

[eluser]mantis[/eluser]
@hSATAC
I have the same bug.
Now, It work fine. Thank your fix!

[eluser]Brant[/eluser]

Code:

<?php
if (! defined('BASEPATH'))
    exit('No direct script access allowed');

class MY_Session extends CI_Session
{

    function MY_Validation ()
    {
        parent::CI_Session();
    }

    // --------------------------------------------------------------------
    


    /**
     * Serialize an array
     *
     * This is a copy of the original from 1.7.0
     * This is a bug fix for handling objects in a session
     * REF: http://ellislab.com/forums/viewthread/95690/
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access  private
     * @param   array
     * @return  string
     */
    function _serialize ($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] = str_replace('\\', '{{slash}}', $val);
            }
        } else
        {
            $data = str_replace('\\', '{{slash}}', $data);
        }
        
        return serialize($data);
    }

    // --------------------------------------------------------------------
    


    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize ($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] = str_replace('{{slash}}', '\\', $val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}', '\\', $data);
    }
}

Thank you for the fix. Here is the MY_Session class

[eluser]plxkarl[/eluser]
for me noting worked when i installed ci 1.7.... just blank screen, when I debuged the ci i found out that the function:

Code:

function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                $data[$key] = str_replace('{{slash}}', '\\', $val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}', '\\', $data);
    }

was not working because strip_slashes function from string helper was not loaded yet... I had to replace it with standard stripslashes function. (Didnt have time to debug if Session library was loaded before string helper)

[eluser]Khoa[/eluser]
This works like a charm! Thanks a lot hSATAC for the fix and Brant for putting into a file that I can just copy and paste and it works. I put the MY_Session file autoloaded as well because I already autoload the session library, I think that's easier.

[eluser]bretticus[/eluser]
Thanks hSATAC & Brant. You saved my day!

[eluser]Khoa[/eluser]
Just a bit of curiosity off the topic, does Rick or whoever works on the core code of CI see these "bugs"? I'm just wondering how the process of developing and improving CI works. I see that there are a few MY_sth.php extending libraries floating around here and there in the forums. It would be nice if these files could be reviewed and integrated into the next version of CI.

I personally consider extending the core functions of CI somehow more or less like a "hack" to CI. Although CI does provide a very seamless and beautiful way of extending the library, these are not new functions for extending but instead bug fixes for the current functions. So these are not quite "extending" but actually "patching" I think. But don't take me wrong, patching here is in a good way, not like windows patching :-P

Does anyone know how this process works and would like to share? Maybe some lab assistant would do :-)