feat(serializer): pure-PHP session-data serializer#12
Merged
Conversation
NativePhpSessionSerializer wraps session_encode and session_decode. Both functions only operate on the active PHP session via the session module. Modern PSR-15 routes that own their session lifecycle through SessionLifecycle and middleware never call session_start, so the native serializer cannot read or write rows for them. PhpTextSessionSerializer implements PHP's default php session.serialize_handler format directly. Layout is a flat concatenation of <key>|<serialize($value)> records. Reader uses the re-serialize-and-measure trick to advance past each record because unserialize does not report bytes consumed. DefaultSessionSerializer dispatches to PhpTextSessionSerializer for session.serialize_handler=php and to PhpSessionSerializer for php_serialize. Other handlers (igbinary, custom) raise a clear error at construction. The handler is captured at construction time and frozen, matching how PHP's session module reads the ini once on open. Both formats produce the exact byte sequence that PHP's session module produces on the same payload, so legacy callers that go through session_start continue to read and write the same on-disk rows. Modern and legacy stacks share storage.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
NativePhpSessionSerializer wraps session_encode and session_decode.
Both functions only operate on the active PHP session via the session
module. Modern PSR-15 routes that own their session lifecycle through
SessionLifecycle and middleware never call session_start, so the
native serializer cannot read or write rows for them.
PhpTextSessionSerializer implements PHP's default php
session.serialize_handler format directly. Layout is a flat
concatenation of |<serialize($value)> records. Reader uses the
re-serialize-and-measure trick to advance past each record because
unserialize does not report bytes consumed.
DefaultSessionSerializer dispatches to PhpTextSessionSerializer for
session.serialize_handler=php and to PhpSessionSerializer for
php_serialize. Other handlers (igbinary, custom) raise a clear error
at construction. The handler is captured at construction time and
frozen, matching how PHP's session module reads the ini once on open.
Both formats produce the exact byte sequence that PHP's session
module produces on the same payload, so legacy callers that go
through session_start continue to read and write the same on-disk
rows. Modern and legacy stacks share storage.