I am trying to manually decode a session using session_decode, and the when I use PHP 4.1.1, the session is decoded (and registered in global namespace) properly. When I use 4.anything.later the session is not decoded properly.

I've tried checking the return value from session_decode, but that always returns false (with all the versions I've tested).

I have register_globals turned on, and magic_quotes_gpc turned off. Other than that, all options are default.

Here is an example of how I am using session_decode in my program. Can you see anything that might be amiss?

<?
function my_decode($sessionData) {
    // Make the global so the session_decode function will put
    // the session data in the proper scope.
    global $srvsess;

/*
Decode the session here
session_decode seems to always returns false, even if
it succeeds, so we don't check its return value.
*/
session_decode($sessionData);

/*
The session is not empty, and always contains a single
member: $srvsess, which should be an array containing
the contents of the session (The system was designed
before "$_SESSION" existed)
*/
if(!session_is_registered("srvsess")) {
    return "This session does not show any valid data!";
}
}
?>

Tom Brown
An online Starcraft RPG? Only at:
http://www.netnexus.com/

Here is a sample session that I have been using:
srvsess|a:3:{s:3:"pin";s:10:"12345ABCDE";s:4:"name";s:9:"Tom Brown";s:4:"code";s:12:"124563326488";}

    hey cmburns69,

    Maybe it's a foolish question, but did you start the session with session_start() before trying to decode your data ? In fact I think session_decode will try to register the variables contained by $sessionData into the session variables with the same name. So, if you did not start the session, the registration will be impossible.

    (Didn't know about the $srvsess variable, are you sure your variables are not set with names like $pin or $name e.g. ?)

      I tried your suggestion, and it worked. From what I can see, session_decode requires $SESSION. If session_start() is not called, $SESSION does not exist as a superglobal, and session_decode cannot properly use it.

      The overall problem is that I need to use session data, but I can't use them the way PHP uses them. I need to decode a session, encode it, save it, and do the same for many other sessions.

      I need a way (other than an ugly hack) to use this function without worrying that it will write to the disk when the request is done.

      Tom Brown
      An online Starcraft RPG? Only at
      http://www.netnexus.com

        Hum...
        Don't really know how you can do what you want.
        But for example you could try to write a custom function which you'll call session_decode and that would override the PHP' session_decode function. Your custom function should start the session, decode data through PHP session_decode() and copy all of the session variables contained in $_SESSION to $srvsess.

        I think this could be a nice solution (?)

          The "srvsess" variable is already defined in the session, so all it needs is to be imported in to the global namespace. The big problem with starting the session normally is that I don't want to have worry about the session being written if I make changes.

          I want the access to the session to be read-only, but I'm worried that "session_destroy" might try and erase the session on-disk.

          An alternative I might use is to implement the user-session functions as empty shells, except for the read function...

          Another alternative would be to write a version of session_decode, which doesn't depend on the session having been started.

          I believe that session_decode requires use of $SESSION as a superglobal, and it doesn't exist as such until session_start has been called at least once. If I could manually create $SESSION as a superglobal myself, I believe it would work as well.

          Do you know of any way to define your own superglobals?

          Tom Brown
          An online Starcraft RGP? Only at
          http://www.netnexus.com

            Write a Reply...