• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session library and unserialize() error.

#1
[eluser]Twisted1919[/eluser]
My logs shows:
Code:
ERROR - 2011-02-06 20:37:49 --&gt; Severity: Notice  --&gt; unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset 0 of 214 bytes /xxx/yyy/zzz/yyy/sys/libraries/Session.php 722
ERROR - 2011-02-06 21:03:26 --&gt; Severity: Notice  --&gt; unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset 121 of 139 bytes /xxx/yyy/zzz/yyy/sys/libraries/Session.php 722

I am saving the session to database(CI Reactor), and the user_data field is MEDIUMTEXT so there is no way the issue is because of mysql truncating the record, so what it is ?

#2
[eluser]Twisted1919[/eluser]
The suspense is killing me, does anyone has an answer ? (Maybe the developers ?)

#3
[eluser]guidorossi[/eluser]
uhmm... wich PHP version are you using?


EDIT: check this out http://davidwalsh.name/php-serialize-unserialize-issues
Quote:It turns out that if there's a ", ', :, or ; in any of the array values the serialization gets corrupted.

#4
[eluser]MVUG[/eluser]
what CI version do you use? And what are you trying to unserialize, normal data or?

#5
[eluser]Twisted1919[/eluser]
Hi, I am using the 2.0 Reactor Version .
I am setting the session data like this:
Code:
$session_data=array(
'a'=>'b','c'=>'d','f'=>'g'
);
$this->session->set_userdata($session_data);
So there shouldn't be any error, but still it does.

#6
[eluser]MVUG[/eluser]
weird... already tried to install new CI again?

#7
[eluser]Twisted1919[/eluser]
Nope, i did not because i don't do things like this.
I know that all my libraries are up to date, so there is no use to make another install(and is not easy having in mind the complexity of the project).

Though, i extended the Session library like:
Code:
&lt;?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Session extends CI_Session{

    public function __construct()
    {
        parent::__construct();
    }
    
    /**
     * Update an existing session
     *
     * @access    public
     * @return    void
    */
    function sess_update()
    {
       // skip the session update if this is an AJAX call!
       if ( ! IS_AJAX )
       {
           parent::sess_update();
       }
    }
    
    // --------------------------------------------------------------------

    /**
     * Serialize an array
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('\\', '{{slash}}', $val);
                }
            }
        }
        else
        {
            if (is_string($data))
            {
                $data = str_replace('\\', '{{slash}}', $data);
            }
        }

        return base64_encode(serialize($data));
    }

    // --------------------------------------------------------------------

    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize($data)
    {
        $data = base64_decode($data);
        $data = @unserialize(strip_slashes($data));

        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('{{slash}}', '\\', $val);
                }
            }

            return $data;
        }

        return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
    }    

}

So now i am base64_encoding/decoding before before serialize/unserialize.
I need to do more tests to see if i receive the error again, if not i'll fill a bug report on this.

#8
[eluser]Twisted1919[/eluser]
Neah, the above solution is not valid, the issue is still open.


L.E: What is weird, is that if i copy the data from database and "unserialize" it, it gives no error whatsoever.

#9
[eluser]MVUG[/eluser]
[quote author="Twisted1919" date="1297281529"]Nope, i did not because i don't do things like this.
I know that all my libraries are up to date, so there is no use to make another install(and is not easy having in mind the complexity of the project).

Though, i extended the Session library like:
Code:
&lt;?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Session extends CI_Session{

    public function __construct()
    {
        parent::__construct();
    }
    
    /**
     * Update an existing session
     *
     * @access    public
     * @return    void
    */
    function sess_update()
    {
       // skip the session update if this is an AJAX call!
       if ( ! IS_AJAX )
       {
           parent::sess_update();
       }
    }
    
    // --------------------------------------------------------------------

    /**
     * Serialize an array
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('\\', '{{slash}}', $val);
                }
            }
        }
        else
        {
            if (is_string($data))
            {
                $data = str_replace('\\', '{{slash}}', $data);
            }
        }

        return base64_encode(serialize($data));
    }

    // --------------------------------------------------------------------

    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize($data)
    {
        $data = base64_decode($data);
        $data = @unserialize(strip_slashes($data));

        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (is_string($val))
                {
                    $data[$key] = str_replace('{{slash}}', '\\', $val);
                }
            }

            return $data;
        }

        return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
    }    

}

So now i am base64_encoding/decoding before before serialize/unserialize.
I need to do more tests to see if i receive the error again, if not i'll fill a bug report on this.[/quote]

Why are you base64 encoding/decoding here? There was an issue with CI and the serialize/unserializing of objects... In CI 2.0 this is fixed, check this code out: https://bitbucket.org/ellislab/codeignit...bb586e29d9

#10
[eluser]MVUG[/eluser]
mmm is this right?

Code:
return base64_encode(serialize($data));

shouldn't it be

Code:
return serialize(base64_encode($data));

You must first base64_encode your data and THEN serialize it. For unserialize you should unserialize and then base64_decode...


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.