开发者

Zend Session DB Handler and Serialized Data

问答 作者:

We are using Zend Framework 1.7 on a project (old, I know) and just made a change to move the session data from files to the database. This appears to be working fine in both environments we deployed it in.

However, there is one big difference: in environment A (PHP 5.2), the session data is being stored in a plaintext serialized format, e.g.:

key|[php serialized array]

In environment B (PHP 5.3), the data appears to be getting base64 encoded somehow:

IpgJ4fbSZ0v2qi4RmGcgQ9tP7YEUyN1R9-7oroGl4071fnlk_UVkkrkUcpdHdw_UsRYy-6NpL61gTuL2Htcmv3HU5UM3ClwSDndY40kyimDPs3SdS7gNHwhwdpailLOfrIxqV48hZDhNHKlIpSX2QZm0jOHjRhZc2kjXnMgqioLqJiDdgyUCRnqKcZ_ZtBISq8BAZARW61P5Ls_ZSO506ltuNqIJIJGkV2R7qvDKLLCtxUQUwd7P8IlJiC7iq_Q4GIn3gMr0KwAHLP6a开发者_运维百科dzxSusVk5begrx9lBk9Dxp8KkJ8Gx8rfKJfvVBIJKZgmsFsWq41dV0J4y1Lgihvx9nU73g..

Both environments appear to be working otherwise, but I need to make sure we understand why this is happening, and I can't seem to find any documentation or similar situation anywhere. My assumption is that the difference in PHP version and/or configuration in php.ini is influencing it, but I am at a loss as to how.

I had the same problem today on a clustered server, in one I had php 5.2 and in the other php 5.3.

My initial guess was also a version problem, but I found so far that suhosin was the problem since was encrypting the session.

You can decrypt the session, just in the machine it was encrypted; to do you you should change the following in your php.ini:

suhosin.session.encrypt = on
suhosin.cookie.encrypt = on
session.save_handler = files
session.save_path = /tmp

and later write a script like:

$data = $argv[1];
$sessid = 'recovering';
file_put_contents("/tmp/sess_{$sessid}", $data);

session_id($sessid);
session_start();
print_r($_SESSION);

Which will only copy the encrypted string into a sess file and print contents (you can serialize to match the normal session behavior)

Of course if you want later that php don't encrypt through suhosin, you need to set .encrypt = off

继续阅读:phpserializationsessionzend-framework

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9