EllisLab text mark
Advanced Search
1 of 2
1
2
Next
   
CI 1.7 Session Bug within object storage
 
hSATAC
Posted: 02 November 2008 04:58 AM   [ Ignore ]
Avatar
Joined: 2008-11-02
4 posts

I don’t know whether it’s a bug or what.
I would store a object in session sometimes, like this.

$this->session->set_userdata('session_name'$object); 

before 1.7, it worked just fine. But when I trying to upgrade my application to CI 1.7, it came wrong.

It will cause error messages like this:

A PHP Error was encountered

Severity: 4096

Message: Object of class stdClass could not be converted to string

Filename: libraries/Session.php

Line Number: 715

When I digged into 1.7 Session library, I found the problem.

Fixed a bug in the Session class that was disallowing slashes in the serialized array.

There are some new functions in Session library.

GOTO line 683 and line 714,

$data[$key] str_replace('{{slash}}''\\'$val); 

When $val is a object, it came wrong, just replace this line with

if(!is_object($val))    $data[$key] str_replace('{{slash}}''\\'$val); 

For those who got the same problem, this is my solution.
Hope there will be a hotfix soon.
 
Randy Casburn
Posted: 02 November 2008 11:07 AM   [ Ignore ]   [ # 1 ]   [ Rating: 0 ]
Joined: 2007-06-19
1002 posts

So I’m not the only one.  I also mentioned this problem.  Your report is much more clearly stated as I was so focused on my very specific problem (I was casting my data to an object prior to storing).

My mention of this is here: http://ellislab.com/forums/viewthread/94906/

Perhaps the Dereks are watching?  Some of us are throwing objects into the user_data storage area.  We’re having the hack the core of 1.7.0 (or extend it) in order to work around your “slash templating”.

Is this worth looking into?

Randy

 Signature 

My new therapist is working with me every day, the third one gave up… ohh
 
Brant
Posted: 02 November 2008 04:51 PM   [ Ignore ]   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2008-10-07
3 posts

@hSATAC

Could you please post the _unserialize and _serialize functions as you have them changed. I am having the same issue. I plan on creating a MY_Session with those to functions to fix the problem until v1.7.1 comes out. Thanks.

 Signature 

Never quit!
 
hSATAC
Posted: 03 November 2008 02:55 AM   [ Ignore ]   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2008-11-02
4 posts

This is my _serialize() and _unserialize() functions:

function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] str_replace('\\''{{slash}}'$val);
            }
        }
        else
        {
            $data str_replace('\\''{{slash}}'$data);
        }
        
        return serialize($data);
    }

    function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    

I also made my own hotfix for this problem.

I made a session_fix library extends the original Session library,
only overrides these two functions.

Get my code from here
and put it into /system/application/libraries/Session_fix.php

Load this library with a CI 1.7 new feature:

$this->load->library('session_fix''''session'); 

Now it’s done!
 
mantis
Posted: 06 November 2008 12:10 AM   [ Ignore ]   [ # 4 ]   [ Rating: 0 ]
Avatar
Joined: 2008-04-21
3 posts

@hSATAC
I have the same bug.
Now, It work fine. Thank your fix!
 
Brant
Posted: 06 November 2008 12:45 AM   [ Ignore ]   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2008-10-07
3 posts
<?php
if (! defined('BASEPATH'))
    exit('No direct script access allowed');

class MY_Session extends CI_Session
{

    function MY_Validation ()
    {
        parent::CI_Session();
    }

    // --------------------------------------------------------------------
    


    /**
     * Serialize an array
     * 
     * This is a copy of the original from 1.7.0
     * This is a bug fix for handling objects in a session
     * REF: http://ellislab.com/forums/viewthread/95690/
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access  private
     * @param   array
     * @return  string
     */
    function _serialize ($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] str_replace('\\''{{slash}}'$val);
            }
        } else
        {
            $data str_replace('\\''{{slash}}'$data);
        }
        
        return serialize($data);
    }

    // --------------------------------------------------------------------
    


    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize ($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    }

Thank you for the fix. Here is the MY_Session class

 Signature 

Never quit!
 
plxkarl
Posted: 18 November 2008 08:01 PM   [ Ignore ]   [ # 6 ]   [ Rating: 0 ]
Avatar
Joined: 2008-07-21
8 posts

for me noting worked when i installed ci 1.7…. just blank screen, when I debuged the ci i found out that the function:

function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    

was not working because strip_slashes function from string helper was not loaded yet… I had to replace it with standard stripslashes function. (Didnt have time to debug if Session library was loaded before string helper)

 Signature 
 
Khoa
Posted: 08 December 2008 12:03 AM   [ Ignore ]   [ # 7 ]   [ Rating: 0 ]
Avatar
Joined: 2008-06-14
56 posts

This works like a charm! Thanks a lot hSATAC for the fix and Brant for putting into a file that I can just copy and paste and it works. I put the MY_Session file autoloaded as well because I already autoload the session library, I think that’s easier.
 
bretticus
Posted: 10 December 2008 07:47 PM   [ Ignore ]   [ # 8 ]   [ Rating: 0 ]
Avatar
Joined: 2008-09-11
966 posts

Thanks hSATAC & Brant. You saved my day!

 Signature 

Google Analytics HOWTO | Enable GET | Netbeans PHP Integration
 
Khoa
Posted: 10 December 2008 08:50 PM   [ Ignore ]   [ # 9 ]   [ Rating: 0 ]
Avatar
Joined: 2008-06-14
56 posts

Just a bit of curiosity off the topic, does Rick or whoever works on the core code of CI see these “bugs”? I’m just wondering how the process of developing and improving CI works. I see that there are a few MY_sth.php extending libraries floating around here and there in the forums. It would be nice if these files could be reviewed and integrated into the next version of CI.

I personally consider extending the core functions of CI somehow more or less like a “hack” to CI. Although CI does provide a very seamless and beautiful way of extending the library, these are not new functions for extending but instead bug fixes for the current functions. So these are not quite “extending” but actually “patching” I think. But don’t take me wrong, patching here is in a good way, not like windows patching tongue laugh

Does anyone know how this process works and would like to share? Maybe some lab assistant would do grin
 
hSATAC
Posted: 15 February 2009 03:43 AM   [ Ignore ]   [ # 10 ]   [ Rating: 0 ]
Avatar
Joined: 2008-11-02
4 posts

CI 1.7.1 was released few days ago, I went through the changelog but I saw nothing related to Session class.

Perhaps this is a “feature” instead of “bug”.

I haven’t download 1.7.1 to tryout that if it’s fixed of not.

Anyone wanna try it?
 
lukeinjax
Posted: 16 February 2009 03:29 PM   [ Ignore ]   [ # 11 ]   [ Rating: 0 ]
Joined: 2008-07-08
13 posts

I am experiencing this same issue. I’ve added the MY_Session file with the code above to my libraries folder, but I’m getting the following error:

A PHP Error was encountered

Severity4096

MessageObject of class __PHP_Incomplete_Class could not be converted to string

Filenamelibraries/MY_Session.php

Line Number71 

Anyone else having this issue?
 
littleram
Posted: 10 May 2009 07:27 PM   [ Ignore ]   [ # 12 ]   [ Rating: 0 ]
Joined: 2009-05-10
2 posts
lukeinjax - 16 February 2009 08:29 PM

I am experiencing this same issue. I’ve added the MY_Session file with the code above to my libraries folder, but I’m getting the following error:

A PHP Error was encountered

Severity4096

MessageObject of class __PHP_Incomplete_Class could not be converted to string

Filenamelibraries/MY_Session.php

Line Number71 

Anyone else having this issue?


This happens if you initialise the session before you’ve loaded the class definitions for the object you’re trying to save into the session. Ensure that you’ve include()‘d or require()‘d all the class definitions before you load the session library.

 Signature 

http://www.HiddenTao.com
 
TheFuzzy0ne
Posted: 18 May 2009 06:04 AM   [ Ignore ]   [ # 13 ]   [ Rating: 0 ]
Avatar
Joined: 2008-04-25
4852 posts

The above post is spam. Can we delete it so we aren’t indexing their Web site via Google.

EDIT: The post above is no longer spam. :D

 Signature 

http://www.phptherightway.com

Remember the 8 Ps: Perfect Planning and Prior Preparation Prevents Piss-Poor Performance.
 
Benedikt
Posted: 06 August 2009 03:21 PM   [ Ignore ]   [ # 14 ]   [ Rating: 0 ]
Avatar
Joined: 2007-08-29
94 posts

The fix works seems for storing an object (even the session-data is huge afterwards), but how can I retrieve the object from the session?

When I store an object like

$this->session->set_userdata('object'$this->object); 

I try to retrieve it via

$this->session->userdata('object'); 

which seems not to work.

What am I doing wrong? Thanks for an example.

 Signature 

Visit the german-speaking CI-community at http://codeigniter.ch
FreeBSD- and Server-Tutorials at http://serverzeit.de
The event-calendar for Mini-Drivers at http://miniyourlife.com
 
j2more
Posted: 20 August 2009 09:33 PM   [ Ignore ]   [ # 15 ]   [ Rating: 0 ]
Joined: 2009-07-18
10 posts

I hate to be negative but I am very fustrated with the quality of CI_Session. Despite the long history still nothing that works reliable.

I would have loved to stay with the framework in such a rather core part but now switched to native session for good. I couldnt get the serialization bug fixed in the 1.7.1. version. I thought it has maybe to do with the stripslashes and UTF8 - where CI is not compilant btw. .

Maybe this might be of interest for someone: My design decisions after numerous investigation regarding sessions are as follows:

1. Would have loved to use CI_Session as to have a scalable easy Session storage out of the box (session hijacking and security are not so a concern for us), also because I could have managed my session < 4kb. CI Session is not production quality and we cannot live with this.
2. We use File storage in favor of DB storage using native sessions. Why? Db is not faster (think overhead of establishing connnection), file storage works out of the box and has less failure points and needs less maintenance at our stage of the project.
3. Use Database when running multiple servers
4. Use Memcache if we in this distributed set up run into performance problems.
5. Also for performance consider op cache like APC or eAccelerator later

Cheers

 Signature 

Facebook PHP Coding adventures: http://uebersoftware.com
 
1 of 2
1
2
Next