Currently, only C module can add additional session data serializer. With user defined session data serializer, users can
Add session serializer registration function.
bool session_set_serializer(callable $serialize_func, callable $unserialize_func)
$serialize_func and $unserialize_func are:
$serialize_func = function(array $session_data_array) { // User can add/encrypt data in this function // Returning anything other than string raises E_RECOVERABLE_ERROR return serialize($session_data_array); // Must return string } $unserialize_func = function(string $session_data_string) { // User can remove/decrypt/validate data in this function // Returning anything other than array raises E_RECOVERABLE_ERROR return unserialize($session_data_string); // Must return array }
Add session serializer interface.
interface SessionSerializerInterface { function encode(array $session_data_array):string; function decode(string $serialized_session_data_string):array; }
session_set_serializer() accepts object implements SessionSerializerInterface.
bool session_set_serializer(SessionSerializerInterface $handler)
These functions/methods are called before reading/writing session data to session data database.
Please refer to the pull request phpt files for usage details.
None.
Next PHP. Currently 7.2.
Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems.
User defined session serializer can get rid of this design issue. There will be new and clean OO session save handler interface proposal. This RFC keeps extendability for new OO session save handler API.
2/3 majority is required to pass.
Vote starts: 2016-12-05 Vote ends: 2016-12-19 UTC 23:59:59
After the project is implemented, this section should contain
Links to external references, discussions or RFCs