Incompatibility with php versions lower than 5.5.4

[steffex]

Session serialization of php is not the same as the functions serialize() and unserialize() prior to php version 5.5.4.

If you use Zend Framework 2 for example, $_SESSION becomes a multi-dimensional array and that is being serialized in such a way that it is incompatible with the phpserialize library.

Here is an example:

__ZF|a:1:{s:20:"_REQUEST_ACCESS_TIME";d:1394123316.861037;}Default|a:1:{s:10:"login_name";s:5:"admin";}

__ZF and Default are actually just key names in the $_SESSION array. This is what the array looks like if you do var_dump($_SESSION):

array(2) {
  ["__ZF"] => array(1) {
    ["_REQUEST_ACCESS_TIME"] => float(1394123316.861037)
  }
  ["Default"] => array(1) {
    ["login_name"] => string(5) "admin"
  }
}

Since php 5.5.4, you have the option php_serialize which uses the plain serialization functions of php. This will make sure that the session data is serialized with php's serialize() and resolves the issue of phpserialize not being able to process this weird serialization of the default method. Click here for more information about the ini setting.

Perhaps it is a good idea to add this sidenote to the documentation.

[winhamwr]

Hi Stefen,

That does indeed seem very much worth documenting, thanks. If you or anyone else wants to submit a PR with this explanation (basically a verbatim quotation of what you've written would be great), I would happily accept it.

Thanks -Wes

[steffex]

Hi Wes,

i'll add this to the documentation.

Stefan