Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81078
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66070 invoked from network); 24 Jan 2015 15:43:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Jan 2015 15:43:34 -0000
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.174 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 74.125.82.174 mail-we0-f174.google.com  
Received: from [74.125.82.174] ([74.125.82.174:40600] helo=mail-we0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BF/52-49997-6ADB3C45 for <internals@lists.php.net>; Sat, 24 Jan 2015 10:43:34 -0500
Received: by mail-we0-f174.google.com with SMTP id x3so2366721wes.5
        for <internals@lists.php.net>; Sat, 24 Jan 2015 07:43:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=user-agent:in-reply-to:references:mime-version
         :content-transfer-encoding:content-type:subject:from:date:to
         :message-id;
        bh=CZc9yYzJXHQC40e1nMNl1pqxlSlsoHqrgsLEyF9MzaI=;
        b=nrO2AhV0Bme1fINpp5pTVRDq2+bkfqg/HnCYW4Mwh9xolIDzEG94jZ07wjVwPIG9yZ
         +OO9EsqthVhvrtXxY9tNi7DASULqMDpAR+fUWmnutaB/K2SZsW/smWa9X6Z+OFdswYcR
         jNA6GAqRH0MVtEqR+fxkh2CVs0D7HgCxEiDMxG86bZyMSCfHvZL78M7GLGWNrUmgBKoY
         Z8i22wB2rFT4mgehNTOsQsYFWTY5bpTlqcCVlsEmUgIr/wMx+iZ3pfs0k+Ym3ncqVJEx
         JnRfx5kak7hOgj1YENQ8ihX1aR6qxYf47lXm0wIMYp660TJL38e9nu1LOQF1OmFCscr3
         QHcQ==
X-Received: by 10.180.90.177 with SMTP id bx17mr12672034wib.36.1422114210498;
        Sat, 24 Jan 2015 07:43:30 -0800 (PST)
Received: from [192.168.0.3] (cpc68956-brig15-2-0-cust215.3-3.cable.virginm.net. [82.6.24.216])
        by mx.google.com with ESMTPSA id lg7sm6313744wic.0.2015.01.24.07.43.29
        (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sat, 24 Jan 2015 07:43:29 -0800 (PST)
User-Agent: K-9 Mail for Android
In-Reply-To: <CAGa2bXZN67hw_hLH7uWdYmMWKdNyxKUeAzrX1K+d3jiie4MZRg@mail.gmail.com>
References: <CAGa2bXZN67hw_hLH7uWdYmMWKdNyxKUeAzrX1K+d3jiie4MZRg@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8
Date: Sat, 24 Jan 2015 15:42:26 +0000
To: Yasuo Ohgaki <yohgaki@ohgaki.net>,"internals@lists.php.net" <internals@lists.php.net>
Message-ID: <4775CF59-9190-4706-A09F-BCF4E798A76F@gmail.com>
Subject: Re: [PHP-DEV] User defined session serialize handler
From: rowan.collins@gmail.com (Rowan Collins)

On 24 January 2015 02:28:07 GMT, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
>I also would like to php_serialize handler as the default serializer
>and
>make php/php_binary deprecated.
>
>php/php_binary serializers are made to work with register_globals and
>have
>many limitations.
>e.g. Integer key not allowed, key cannot start with number, delimiter
>chars
>are invalid and
>ignored, etc. php_serialize does not have such limitations at all.

I'm in favour of this part. In the unlikely event that someone needs to access the same session data with PHP 5 and 7, they should be able to switch back to the old format, but for most users, plain serialise is a much more sensible format.

An additional problem with the existing format is that there are no functions to work with it outside of the $_SESSION array, so you can't just unserialize a local copy.

Regards,
-- 
Rowan Collins
[IMSoP]