Part of the EllisLab Network
CodeIgniter  >   Forum Home  >  CodeIgniter Development Forums  >  Help, is this a bug?  >  Thread
   
1 of 2
1
2
Next
CI 1.7 Session Bug within object storage
 
hSATAC
Posted: 02 November 2008 03:58 AM   [ Ignore ]  
Summer Student
Avatar
Total Posts:  4
Joined  11-02-2008

I don’t know whether it’s a bug or what.
I would store a object in session sometimes, like this.

$this->session->set_userdata('session_name'$object); 

before 1.7, it worked just fine. But when I trying to upgrade my application to CI 1.7, it came wrong.

It will cause error messages like this:

A PHP Error was encountered

Severity: 4096

Message: Object of class stdClass could not be converted to string

Filename: libraries/Session.php

Line Number: 715

When I digged into 1.7 Session library, I found the problem.

Fixed a bug in the Session class that was disallowing slashes in the serialized array.

There are some new functions in Session library.

GOTO line 683 and line 714,

$data[$key] str_replace('{{slash}}''\\'$val); 

When $val is a object, it came wrong, just replace this line with

if(!is_object($val))    $data[$key] str_replace('{{slash}}''\\'$val); 

For those who got the same problem, this is my solution.
Hope there will be a hotfix soon.
Profile
 
 
Randy Casburn
Posted: 02 November 2008 10:07 AM   [ Ignore ]   [ # 1 ]  
Lab Technician
RankRankRankRank
Total Posts:  1040
Joined  06-19-2007

So I’m not the only one.  I also mentioned this problem.  Your report is much more clearly stated as I was so focused on my very specific problem (I was casting my data to an object prior to storing).

My mention of this is here: http://codeigniter.com/forums/viewthread/94906/

Perhaps the Dereks are watching?  Some of us are throwing objects into the user_data storage area.  We’re having the hack the core of 1.7.0 (or extend it) in order to work around your “slash templating”.

Is this worth looking into?

Randy

 Signature 

My new therapist is working with me every day, the third one gave up… ohh
Profile
 
 
Brant
Posted: 02 November 2008 03:51 PM   [ Ignore ]   [ # 2 ]  
Summer Student
Avatar
Total Posts:  3
Joined  10-07-2008

@hSATAC

Could you please post the _unserialize and _serialize functions as you have them changed. I am having the same issue. I plan on creating a MY_Session with those to functions to fix the problem until v1.7.1 comes out. Thanks.

 Signature 

Never quit!
Profile
 
 
hSATAC
Posted: 03 November 2008 01:55 AM   [ Ignore ]   [ # 3 ]  
Summer Student
Avatar
Total Posts:  4
Joined  11-02-2008

This is my _serialize() and _unserialize() functions:

function _serialize($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] str_replace('\\''{{slash}}'$val);
            }
        }
        else
        {
            $data str_replace('\\''{{slash}}'$data);
        }
        
        return serialize($data);
    }

    function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if(!is_object($val))    $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    

I also made my own hotfix for this problem.

I made a session_fix library extends the original Session library,
only overrides these two functions.

Get my code from here
and put it into /system/application/libraries/Session_fix.php

Load this library with a CI 1.7 new feature:

$this->load->library('session_fix''''session'); 

Now it’s done!
Profile
 
 
mantis
Posted: 05 November 2008 11:10 PM   [ Ignore ]   [ # 4 ]  
Summer Student
Avatar
Total Posts:  3
Joined  04-21-2008

@hSATAC
I have the same bug.
Now, It work fine. Thank your fix!
Profile
 
 
Brant
Posted: 05 November 2008 11:45 PM   [ Ignore ]   [ # 5 ]  
Summer Student
Avatar
Total Posts:  3
Joined  10-07-2008
<?php
if (! defined('BASEPATH'))
    exit('No direct script access allowed');

class MY_Session extends CI_Session
{

    function MY_Validation ()
    {
        parent::CI_Session();
    }

    // --------------------------------------------------------------------
    


    /**
     * Serialize an array
     * 
     * This is a copy of the original from 1.7.0
     * This is a bug fix for handling objects in a session
     * REF: http://codeigniter.com/forums/viewthread/95690/
     *
     * This function first converts any slashes found in the array to a temporary
     * marker, so when it gets unserialized the slashes will be preserved
     *
     * @access  private
     * @param   array
     * @return  string
     */
    function _serialize ($data)
    {
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] str_replace('\\''{{slash}}'$val);
            }
        } else
        {
            $data str_replace('\\''{{slash}}'$data);
        }
        
        return serialize($data);
    }

    // --------------------------------------------------------------------
    


    /**
     * Unserialize
     *
     * This function unserializes a data string, then converts any
     * temporary slash markers back to actual slashes
     *
     * @access    private
     * @param    array
     * @return    string
     */
    function _unserialize ($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                if (! is_object($val))
                    $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    }

Thank you for the fix. Here is the MY_Session class

 Signature 

Never quit!
Profile
 
 
plxkarl
Posted: 18 November 2008 07:01 PM   [ Ignore ]   [ # 6 ]  
Summer Student
Avatar
Total Posts:  8
Joined  07-21-2008

for me noting worked when i installed ci 1.7…. just blank screen, when I debuged the ci i found out that the function:

function _unserialize($data)
    {
        $data = @unserialize(strip_slashes($data));
        
        if (is_array($data))
        {
            foreach ($data as $key => $val)
            {
                $data[$key] str_replace('{{slash}}''\\'$val);
            }
            
            return $data;
        }
        
        return str_replace('{{slash}}''\\'$data);
    

was not working because strip_slashes function from string helper was not loaded yet… I had to replace it with standard stripslashes function. (Didnt have time to debug if Session library was loaded before string helper)

 Signature 
Profile
 
 
Khoa
Posted: 07 December 2008 11:03 PM   [ Ignore ]   [ # 7 ]  
Grad Student
Avatar
Rank
Total Posts:  61
Joined  06-14-2008

This works like a charm! Thanks a lot hSATAC for the fix and Brant for putting into a file that I can just copy and paste and it works. I put the MY_Session file autoloaded as well because I already autoload the session library, I think that’s easier.
Profile
 
 
bretticus
Posted: 10 December 2008 06:47 PM   [ Ignore ]   [ # 8 ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  958
Joined  09-11-2008

Thanks hSATAC & Brant. You saved my day!

 Signature 

Google Analytics HOWTO | Enable GET | Netbeans PHP Integration
Profile
 
 
Khoa
Posted: 10 December 2008 07:50 PM   [ Ignore ]   [ # 9 ]  
Grad Student
Avatar
Rank
Total Posts:  61
Joined  06-14-2008

Just a bit of curiosity off the topic, does Rick or whoever works on the core code of CI see these “bugs”? I’m just wondering how the process of developing and improving CI works. I see that there are a few MY_sth.php extending libraries floating around here and there in the forums. It would be nice if these files could be reviewed and integrated into the next version of CI.

I personally consider extending the core functions of CI somehow more or less like a “hack” to CI. Although CI does provide a very seamless and beautiful way of extending the library, these are not new functions for extending but instead bug fixes for the current functions. So these are not quite “extending” but actually “patching” I think. But don’t take me wrong, patching here is in a good way, not like windows patching tongue laugh

Does anyone know how this process works and would like to share? Maybe some lab assistant would do grin
Profile
 
 
hSATAC
Posted: 15 February 2009 02:43 AM   [ Ignore ]   [ # 10 ]  
Summer Student
Avatar
Total Posts:  4
Joined  11-02-2008

CI 1.7.1 was released few days ago, I went through the changelog but I saw nothing related to Session class.

Perhaps this is a “feature” instead of “bug”.

I haven’t download 1.7.1 to tryout that if it’s fixed of not.

Anyone wanna try it?
Profile
 
 
lukeinjax
Posted: 16 February 2009 02:29 PM   [ Ignore ]   [ # 11 ]  
Summer Student
Total Posts:  13
Joined  07-08-2008

I am experiencing this same issue. I’ve added the MY_Session file with the code above to my libraries folder, but I’m getting the following error:

A PHP Error was encountered

Severity4096

MessageObject of class __PHP_Incomplete_Class could not be converted to string

Filenamelibraries/MY_Session.php

Line Number71 

Anyone else having this issue?
Profile
 
 
littleram
Posted: 10 May 2009 06:27 PM   [ Ignore ]   [ # 12 ]  
Summer Student
Total Posts:  2
Joined  05-10-2009
lukeinjax - 16 February 2009 07:29 PM

I am experiencing this same issue. I’ve added the MY_Session file with the code above to my libraries folder, but I’m getting the following error:

A PHP Error was encountered

Severity4096

MessageObject of class __PHP_Incomplete_Class could not be converted to string

Filenamelibraries/MY_Session.php

Line Number71 

Anyone else having this issue?


This happens if you initialise the session before you’ve loaded the class definitions for the object you’re trying to save into the session. Ensure that you’ve include()‘d or require()‘d all the class definitions before you load the session library.

 Signature 

www.HiddenTao.com
Profile
 
 
TheFuzzy0ne
Posted: 18 May 2009 05:04 AM   [ Ignore ]   [ # 13 ]  
Sr. Research Associate
Avatar
RankRankRankRankRank
Total Posts:  3894
Joined  04-25-2008

The above post is spam. Can we delete it so we aren’t indexing their Web site via Google.

EDIT: The post above is no longer spam. :D

 Signature 

Remember the 8 Ps: Perfect Planning and Prior Preparation Prevents Piss-Poor Performance.


Not sure where to start with your project? Need some inspiration? Check out my CodeIgniter Resources thread
Profile
 
 
Benedikt
Posted: 06 August 2009 02:21 PM   [ Ignore ]   [ # 14 ]  
Grad Student
Avatar
Rank
Total Posts:  97
Joined  08-29-2007

The fix works seems for storing an object (even the session-data is huge afterwards), but how can I retrieve the object from the session?

When I store an object like

$this->session->set_userdata('object'$this->object); 

I try to retrieve it via

$this->session->userdata('object'); 

which seems not to work.

What am I doing wrong? Thanks for an example.

 Signature 

Visit the german-speaking CI-community at http://codeigniter.ch
FreeBSD- and Server-Tutorials at http://serverzeit.de
The event-calendar for Mini-Drivers at http://miniyourlife.com
Profile
 
 
j2more
Posted: 20 August 2009 08:33 PM   [ Ignore ]   [ # 15 ]  
Summer Student
Total Posts:  10
Joined  07-18-2009

I hate to be negative but I am very fustrated with the quality of CI_Session. Despite the long history still nothing that works reliable.

I would have loved to stay with the framework in such a rather core part but now switched to native session for good. I couldnt get the serialization bug fixed in the 1.7.1. version. I thought it has maybe to do with the stripslashes and UTF8 - where CI is not compilant btw. .

Maybe this might be of interest for someone: My design decisions after numerous investigation regarding sessions are as follows:

1. Would have loved to use CI_Session as to have a scalable easy Session storage out of the box (session hijacking and security are not so a concern for us), also because I could have managed my session < 4kb. CI Session is not production quality and we cannot live with this.
2. We use File storage in favor of DB storage using native sessions. Why? Db is not faster (think overhead of establishing connnection), file storage works out of the box and has less failure points and needs less maintenance at our stage of the project.
3. Use Database when running multiple servers
4. Use Memcache if we in this distributed set up run into performance problems.
5. Also for performance consider op cache like APC or eAccelerator later

Cheers

 Signature 

Facebook PHP Coding adventures: http://uebersoftware.com
Profile
 
 
   
1 of 2
1
2
Next
 
‹‹ CI 1.7:if dbprefix is set, "$this->db->select" is trying to add dbprefix to its one of mysql funtion parameter.      Documentation: SMALL Typos ››
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 3.1.5 (20110621)
Script Executed in 0.7161 seconds
Atom Feed   RSS 2.0