Serialized Objects in PHP Sessions

April 7th, 2009 Categories: PHP, Programming

Something I have played with for a little while is the idea of creating more complex session variables in PHP.  I’m sure this kind of thing has been done before so this is probably nothing new to some people.  The idea just came into my head a little while back and I decided to give it a go.  Basically all I do is create a class and serialize it to a $_SESSION variable.  Even though this article doesn’t execute any database queries, the same approach applies when the data comes from a database, so that the database only has to be queried once for it.  Read on for some basic code.

I created a Session class in PHP 5 to begin with.  Why PHP 5?  Because I’ve grown very fond of using access modifiers and hiding my class data.  The following class is very basic; it holds an MD5 hash of the session id and an array of user data that could be generated from the database but in this case is a simple hardcoded array.

Session.php

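<?php
class Session
{
    private $id;
    private $user;

    // __construct is the PHP 5 constructor; a method named after the class
    // is no longer treated as a constructor in PHP 8.
    public function __construct($id)
    {
        $this->id = $id;
        $this->retrieveUserData();
    }

    private function retrieveUserData()
    {
        // do something to retrieve user data from the DB... but let's just fill an array
        $this->user = array("id"=>"1","name"=>"Jason");
    }

    // Return one field of the user data, or null if the field is not set.
    public function get($field)
    {
        return isset($this->user[$field]) ? $this->user[$field] : null;
    }
}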

Now to make sure this works we need to make a basic PHP file to test the output.  Following is the file I created to do this:

index.php

<?php
session_start();

include_once("./Session.php");

if(!isset($_SESSION["object"]))
{
    echo "Creating original session object<br />";
    // The md5 of a random number is used as the object's id here.
    $session = new Session(md5(mt_rand(1,99999999)));
    $_SESSION["object"] = serialize($session);
}
else
{
    echo "Session object already exists in serialized form<br />";
}

// Print the serialized string exactly as it is stored in the session.
echo "<br />Serialized session:<br />";
echo $_SESSION["object"];

// Rebuild the object from the stored string and read its fields.
$session = unserialize($_SESSION["object"]);
echo "<br /><br />Test unserialized class:<br />";
echo "id: ".$session->get("id").", name: ".$session->get("name");

All this file does is check whether the session object exists and, if it doesn’t, create a new object and serialize it into the session.  It then prints the serialized object and tests it by unserializing it and printing its contents.  When the file is first run, you should see something similar to the following output:

Creating original session object

Serialized session:
O:7:"Session":2:{s:11:"Sessionid";s:32:"c7bb839bec6c333d3fc785e86b8acd3b";s:13:"Sessionuser";a:2:{s:2:"id";s:1:"1";s:4:"name";s:5:"Jason";}}

Test unserialized class:
id: 1, name: Jason

Refreshing the page will cause the first line to change to "Session object already exists in serialized form", indicating that the data isn’t being loaded again.
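An added example, not part of the original post: a stricter version of the unserialize step in index.php, for the case where the serialized string might be read from somewhere less trusted than the server-side session store. It assumes PHP 7.0 or later (for the allowed_classes option and random_bytes); the restoreSession helper and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: minimal stand-in for the article's Session class.
class Session
{
    private $id;
    private $user;

    public function __construct($id)
    {
        $this->id = $id;
        $this->user = array("id" => "1", "name" => "Jason");
    }

    public function get($field)
    {
        return isset($this->user[$field]) ? $this->user[$field] : null;
    }
}

// Hypothetical helper: rebuild a Session from its serialized string, or return null.
function restoreSession($blob)
{
    if (!is_string($blob)) {
        return null;
    }
    // allowed_classes makes unserialize() turn any class other than Session
    // into __PHP_Incomplete_Class instead of instantiating it.
    $obj = @unserialize($blob, array("allowed_classes" => array("Session")));
    // unserialize() returns false on malformed input; only accept a real Session.
    return ($obj instanceof Session) ? $obj : null;
}

// Constructed sample inputs: a valid object, an unexpected class, a damaged string.
$good = serialize(new Session(bin2hex(random_bytes(16))));
$samples = array(
    "good"        => $good,
    "wrong class" => serialize(new stdClass()),
    "truncated"   => substr($good, 0, 20),
);

foreach ($samples as $label => $blob) {
    $session = restoreSession($blob);
    echo $label . ": " . ($session ? "restored, name=" . $session->get("name") : "rejected") . "\n";
}
```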

I am aware that because sessions are saved to file on the server this could cause problems with running out of space.  This could be solved by using session_set_save_handler to store the sessions in a MySQL database.  I’m not 100% sure on this as I have yet to try it out though.
