unserialising session data

robgudgeon

i'm written some very basic session code to store the current login ID & the browser being used by a user, in a session:

<?php

$dir = '/tmp';

if($handle = opendir($dir)) { 
  while(false !== ($file = readdir($handle))) {
    if(preg_match("/^sess_\w{32}$/", $file)) {
      $serialized = file_get_contents("$dir/$file");
      echo "<pre>\n** serialised: $serialized\n";
      if(false !== ($array = unserialize($serialized)))
        echo "<pre>\n** unserialised: ".print_r($array)."\n";
      else
        echo "** error unserialising\n";
    } # end if(preg_match...
  } # end while(false   ...
} # end if($handle...

exit;
?>

but this only ever displays e.g:

serialised: user_agent|s:84:"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0";who|s:9:"802651929";
error unserialising

have i got the wrong end of the stick here - I thought the data was stored on the server in serialised format, so if i called unserialize i should be able to access the data? i could write some messy code to parse these strings accordingly but many user agent strings contain semi-colons themselves, making this harder & messier

any comments or suggestions welcome
thanks, Rob

robgudgeon

if anyone's interested, this is how i solved the issue:

session_start();

echo "<pre>\n";

$dir = '/tmp';

if($handle = opendir($dir)) {

/* This is the correct way to loop over the directory. */
while (false !== ($file = readdir($handle))) {
 if(preg_match("/^sess_\w{32}$/", $file)) {
   $serialized = trim(file_get_contents("$dir/$file"));
   session_decode($serialized);
 #  print_r($_SESSION);
   if($_SESSION['who'] != '')
     $logged_in[$_SESSION['who']]++;
   $browsers[$_SESSION['user_agent']]++;
     session_unset(); # so that values are cleared e.g. 'who' wasn't being cleared on each run!  

 }
}
print_r($logged_in);
arsort($browsers);
print_r($browsers);
closedir($handle);
exit;
}

i had to call session_start before calling session_decode

Rob