I'm using CodeIgniter 3.x with database session driver and i want to access data cloumn that BLOB type. Here my blob data:
__ci_last_regenerate|i:1435420891;identity|s:13:"john#doe.com ";username|s:13:"johndoe";email|s:13:"john#doe.com ";user_id|s:1:"5";old_last_login|s:10:"1435412865";
I tried with unserialize($string) but didnt work!
unserialize(): Error at offset 0
How can i access blob data element? For ex: $user['email']
There's no straight-forward way to do that ... You could use session_decode(), but it requires that you already have an active session, so that it can put the decoded data into $_SESSION.
I must tell you however, if you want to do that - you're doing it wrong. You should never access another user's session. If there's some data that's tied to a session that's not explicit to the user who owns the session, you should just add another field to the sessions table and save it in there.
I got the solution here
So I have used session decode http://php.net/session_decode
session_decode('__ci_last_regenerate|i:1446535049;ci_UserID|s:1:"2";ci_UserName|s:24:"example#xyz.com";logged_in|b:1;');
So session decode stored all the encrypted data in normal php session.
Which I can access using:
echo $_SESSION['ci_UserID'];
As Narf says there is no easy way to do this.
ykay;s solution presupposes that you are using the current built in session handler. That can be changed at any time by the application, and there are no guarantees that PHP will keep this format.
Your solution trashes the current session and replaces it with the stored data (but at least it will use the "current" serialization method).
The serialization function and the read/write operations for session_ functions can be overridden at runtime. As long as you read back data encoded using the same mechanism as you use for decoding your mechanism will work - but it is a bad approach for long term storage of data or for use in a context where you cannot guarantee consistency of the PHP installations reading the data.
The right way to fix the problem of reading session data outside of a user's session is to use the serialize/unserialize format:
ini_set("session.serialize_handler", 'php_serialize');
Then use unserialize() to read the data.
I have seen many similar questions on the overflow, but none of them really addressed my scenario hence I am opening this question.
I am working on a project where there is database of thousands of mp3 tracks and mixes. Each mp3 file has an id and associated information on database. Now a shopping cart is being build in a way that user can select tracks and add to the cart. When a track is being added to cart its id is stored in the session and this works fine.
Now the problem arrives when there is large number of id's stored in a session. A session being a cookie [codeignitor] , I know it has 4kb of storage.
What will be the best practice to get this data preserved? I know that I have to change my strategy and move out of using session.
I tried using database [mysql], its not only slower but also has several issues, like each new user need to have a row added to database tables, how to clear these tables after use.. etc etc.
I tried using memcached but I believe that is not the right choice since the data that I am trying to store is not that huge. Also memcached has several issues on windows platform, provided I am not sure if the client will deploy it on a linux / windows server.
I need a native cross platform solution. I have done quiet a lot of research and did not find a reliable solution yet.
I use codeigniter framework, hence you can suggest any PHP or codeigniter solutions, thanks much.
You talk about storing things "in the session" so I assume you're using PHP's session handler, not setting cookies individually.
In this case, the session storage is all done on the server side, so a 4k limit does not apply. Take a look at your http headers during a request, and you will see only something like this:
Set-Cookie: PHPSESSID=1234abcde56789f
This session ID refers to a file (typically stored in a directory, e.g. /var/lib/php/session/ on RHEL distros) which contains the actual data as a serialized PHP object.
Why dont you try setcookie() function in php?
you can store as much amount of data you want in the cookie,and store the refrence to the session in database!
hope you will understand my answer!
what miken32 is saying is correct. And if you are using Codeigniter, then set up a session database table and use codeigniter sessions. if you use a db table then its just an id which is set on the cookie. be sure and start with the official codeigniter session db table so it works properly.
codeigniter session class has built in 'garbage collection'.
all explained here, scroll down for the database portion:
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
Using a native PHP session is the right way to move, as the fellow users answered a php session stores only id on to cookie, But codeignitor behaves differently, it stores all the data on to cookie and this is where the catch is.
Moving on to normal PHP session was a pain because I have to change the codes allover the project. After a little research and testing I have come to a conclusion that [Native Session library for CI][1]
[1]: https://github.com/EllisLab/CodeIgniter/wiki/Native-session by Derek Jones is an awesome alternative to use PHP sessions over CI with the same CI session functions and syntax.
So to conclude , Either use PHP sessions from the scratch or use this library as an alternative to overcome CI session size Limitations.
I am using Phil Sturgeon's cache library -- http://getsparks.org/packages/cache/show.
This works nicely - the only thing is that now I notice that each time a cached page is loaded, I get this message in my log:
The session cookie data did not match what was expected. This could be a possible hacking attempt.
My sessions are stored in the database.
Does anyone have any pointer on what I should look into to solve this problem?
i suggest you to search trough your ide in the library for "The session cookie data did not match what was expected. This could be a possible hacking attempt."
usually IDE has a ctrl+f find option just search and you'll be able to understand what is causing this message, then if you didn't catched post the code snippet ;)
NB : usually if you are using an encryption key for the session in
your config.php , and you change that it will throwns exactly the same
error, cause the old session has a different encryption key (the old
one you used)
I´m having some serious trouble debugging this particular problem and I hope someone has a clue what i´m doing wrong.
I have a Custom CMS system working that uses Paragraphs as building blocks that get updated using Ajax(prototypejs) calls and functions that parse the HTML chunks in given order, clean them up and save this data in associative arrays in a Session variable.
Users log in, Session is created and I can check for this session without problem in every page I need it. The system works directly on the definitive websites, so the user can see his updates on realtime and browse the site as a normal user would do, but editing.
So, nothing new here. But here is the weird thing.
Enduser site on edit mode(admin user logged in): path "/"
After the logged status is verified, a function processes the editable content and saves an associative array to session, it also starts some javascript objects for editing every paragraph. Data is actually saved, I can use an external script to check if it´s there after this php script ends.If I load a new page(new content), Session gets updated with new data)
Admin User modifies a paragraph using an Inplaceeditor and this HTML chunk is send via Ajax to a php script that starts the named session, reads the present session data, checks if a paragraph should be modified, appended or deleted and reassigns values to existing array keys in $_SESSION. if i make a var_dump() o print_r to $_SESSION after assigning new data is there.After that the script echoes the processed html, and ajax updates the original paragraph on the calling page.
This script is in /admin/cms/...etc, that means at least 4 directories inside the root of the site.
When the script ends, I check using the same session dump script to see if data was really written/commited, but no, $_SESSION has only the original data from the calling page.
Same ID, same session name, same session_start() but no data gets written.
This whole operation is very quick, so I though it could be a speed problem, scripts ends before session_write_close can make his work.
But if I add a new key to $_SESSION array and put some data there, data gets updated and written. If i don´t output anything on this script and just process data and set session variables it also get´s updated and written.
It´s like some members of $_SESSION array are getting blocked to update.
What i did to track this error and what i´m sure i´m not doing wrong.
1.- register_globals are off of course
2.- session_name() and session_start() are always present and in the given
order. I used to have multiple
session_start() -close on a same page
to use several named sessions, but to
refine the problem this is not longer
so.
3.- I use session_write_close() after session data is processed. Also
tried without, letting php decide
when to commit data, but no luck.
4.- I`m using only cookies for SID.
5.- sessions are stored on /tmp, i can see the data getting updated.
I also tried using a custom save
handler on DB, but same problem,
"_write" got only called when no output as present.
I searched php.net, stackoverflow, google, etc for this subject. I never ask without investigation, this is my first time in many years...but it´s just so unlogical it must be something tiny a haven´t thought of.
The most weird thing is that when I just process data without output $_SESSION gets updated ok. But if i modify this script afterwards by adding the output and try again, instead of just having the new(last) value present I get the original value back, the one created by the calling page at first place, sometimes after playing around a few times! PHP can´t cache values between scripts or?I dont have globlals on.
I´m really clueless. This system worked flawless on PHP4.3, since i´m using 5.3.3 for two moths my users where caliming data where getting mixed up, so i checked and yes, there are serious problems. Today I updated to (5.3.6) and I can´t get this session values commited.
Script code called via Ajax:
<?
session_cache_limiter('nocache');
session_name("CMS_ses");
session_start();
include('../htmLawed/htmLawed.php');
include("utils_cms.php");
include("../../../php/utils_array.php");
$value=$_POST['value'];
$editorId=$_POST['editorId'];
$clase=$_POST['clase'];
$editorId=str_replace("pre","",$editorId);
$value=html_entity_decode(stripslashes($value),ENT_QUOTES);
if (strlen(trim($value))==0)
{
die();
}
$value="<div id=\"$editorId\" class=\"$clase\">$value</div>";
$newXHTML=$value;
$retorno=CMS_nuevoBloque($newXHTML,$editorId);
$_SESSION['data']['CMSeditores']=$retorno[1];
$_SESSION['data']['CMScont']=$retorno[2];
session_write_close();
print_r($retorno[0]); //Offending part...without everything works
?>
really nothing strange here....main page code is even simpler, no strange php directives, etc.
Here is the header of the caller page
include 'php/db.php';
$len=$_GET['len'];
$sec=$_GET['sec'];
$cont=$_GET['cont'];
$admfin=$_GET['admfin'];
$fecha=$_GET['fecha'];
$token=$_GET['token'];
$cur=$_GET['cur'];
$PHP_SELF=$_SERVER['PHP_SELF'];
session_cache_limiter('nocache');
session_name("CMS_ses");
session_start();
$passvar='';
unset($adm);
if ((!empty($_SESSION['cms_logged'])) and (!isset($admfin)) )
{
$nivelpermisos=$_SESSION['cms_logged_group'];
$useractual=$_SESSION['cms_logged'];
$adm=1;
}
elseif (empty($_SESSION['cms_logged']))
{
unset($useractual);
}
//.........rest of the code
UPDATE: I did late night tests and found someting i don´t understand.HElP please:
It has not only to do with Sessions but also with Mysql Querys. Same code, but instead of trying to write to $_SESSION array i made a simple update to a Innodb table using the session_id. When i Output some code, the update does get executed,(i can output the query string and no mysql_error() or notice) problems, but checking the database the row doesn´t get updated. Letting the output out if the script and Query does get commited. Only common thing is sessions are started and output is made.
I restarted Apache, etc(who knows) but no luck. Then i made something really stupid, because this is a server side thing. I changed my browser to Firefox(using safari) and everything works! Ok, recheck, back to safari, nothing works. Both running side by side, same issue. PHP is server side, how can different browsers handle code different, can a browser say to apache rollback, request not handled or call the same script twice without notice(checked safaris developer console and the script is called only once) ? Can safari resubmit data silently because it "thinks" ajax failed? I checked headers using firebug and Safaris developer tools , nothing strange but whenever i make a Ajax call with safari, the caller page reloads data(Aka conection to server...).
I really don´t understand nothing.
I had a similar problem to this (if I have understood correctly). I needed to force session data to be written (for a custom session driver) after scripts have finished running. A shutdown function can be registered which should run after scripts have finished.
Maybe this will solve (or help you to solve) your problem.
http://php.net/manual/en/function.register-shutdown-function.php
Thank's for your help. I was doing everything in the right order and still session data was not being written. Session names where necesary because sometimes we test many sites on the same domain using the same custom CMS. So, finally, after making lots of test and no luck, i found that register globals was active on this server(we never use it, code was written having this option off in mind of course), but it messes with sessions!. Switching this off made a huge change. No more problemas. I also made a custom session handler in DB, so i could track the problems in an more centralized way.
Conclussion: Never use register globals + named sessions, an complex data in sessions.
Anyway, i will give this issue more time and more tests. Ajax calls are also sometimes too fast, i had to put a sleep command so writing the session data was really done.Thanks
I am not sure but few suggestion i think may be helpful.
delete session cookies before refreshing the page for testing purposes :)
Ensure that you're not assigning any arrays with a key containing the pipe character (|). This will prevent the session data from being serialized and saved.
Do session_regenerate_id(true); many cases session_write_close doesn't seem to matter with out session_regenerate_id. or just do session_start() after session_write_close() if you are relying on SID ; and in your case i think this is what is causing problem to you as you are ending the current session every time and not re starting it for the next page. hope u get my point. Further more To Make sure data is actually flushed out to the browser use ob_end_flush();
i could not understand the connection between
$_SESSION['data']['CMSeditores']=$retorno[1];
$_SESSION['data']['CMScont']=$retorno[2];
and
$nivelpermisos=$_SESSION['cms_logged_group'];
$useractual=$_SESSION['cms_logged'];
i think you need to paste some more code where the data part is causing problem instead of admin login part.
i hope this helps you.:)
Is there any reason you're establishing the session name twice? I've had issues in the past where I would establish the session without a name, then another piece of script (not mine) was naming the session. Even at the end of the script I was able to print out the session variable, but once I went to a new page my session had been forgotten. It wasn't until I copied the name included in the 2nd script into my session call that it was solved.
Check that there's no other session names being used; also, maybe try only naming the session once, at the first call to the session?
Question: Are you calling session_start() first thing... before ANY output to the browser and before any variables are assigned?
Sounds silly but give it a try.
Also, why are you using session names? Really not necessary unless you have a lot of session variables with the same name serving different purposes and if thats the case then you need to fix that first!
I had a similar problem but it was having with ie few years back. IE manipulates the header on its own way and that causes strange php bugs that you can find in php.net archives.
#Diego Pino Navarro, please see this help page and find Safari and it's issues with php.
I also found "Safari "forget" http-authentication's logon-information".
I need to share sessions between subdomain but my sessions are stored in weird format. For example if ill compare same session data (from session file) from different servers i see that in first case data are stored correctly but not in second one.
First server session string:
TEST_VAR|s:10:"TEST VALUE";
Second server session string:
NUnNmu-NLaO2lP-1J_LVRdJm5cPH54dlnDN1W1GaHXrebf3hl_clOl3xeoZlvHsj
I'm using same code to generate sessions, where is the problem? Anyone know whats wrong? How can i decode this weird string? session_decode() can't handle it.
This might help: PHP / Drupal, Session Storage and encryption
If not, check the php.ini/phpinfo() on both servers and see if there are any differences in the session-related configuration.