rfc:user_defined_session_serializer
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
rfc:user_defined_session_serializer [2016/11/17 09:35] – created yohgaki | rfc:user_defined_session_serializer [2016/12/05 01:33] – Start vote yohgaki | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: User defined session serializer ====== | ====== PHP RFC: User defined session serializer ====== | ||
- | * Version: | + | * Version: |
* Date: 2016-11-17 | * Date: 2016-11-17 | ||
* Author: Yasuo Ohgaki < | * Author: Yasuo Ohgaki < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | Currently, only C module can add additional session data serializer. | + | Currently, only C module can add additional session data serializer. |
* Encrypt/ | * Encrypt/ | ||
* Use any serialization format such as JSON/ | * Use any serialization format such as JSON/ | ||
- | * Add invisible data to session data. | + | * Add invisible data to session data for session data management purpose. |
+ | * Validate session data via hash_hmac(). | ||
===== Proposal ===== | ===== Proposal ===== | ||
Line 20: | Line 21: | ||
<code php> | <code php> | ||
bool session_set_serializer(callable $serialize_func, | bool session_set_serializer(callable $serialize_func, | ||
+ | </ | ||
+ | |||
+ | $serialize_func and $unserialize_func are: | ||
+ | |||
+ | <code php> | ||
+ | $serialize_func = function(array $session_data_array) { | ||
+ | // User can add/encrypt data in this function | ||
+ | // Returning anything other than string raises E_RECOVERABLE_ERROR | ||
+ | return serialize($session_data_array); | ||
+ | } | ||
+ | |||
+ | $unserialize_func = function(string $session_data_string) { | ||
+ | // User can remove/ | ||
+ | // Returning anything other than array raises E_RECOVERABLE_ERROR | ||
+ | return unserialize($session_data_string); | ||
+ | } | ||
</ | </ | ||
Line 26: | Line 43: | ||
<code php> | <code php> | ||
interface SessionSerializerInterface { | interface SessionSerializerInterface { | ||
- | function encode(array $session_data_array); | + | function encode(array $session_data_array):string; |
- | function decode(string $serialized_session_data_string); | + | function decode(string $serialized_session_data_string):array; |
} | } | ||
</ | </ | ||
+ | session_set_serializer() accepts object implements SessionSerializerInterface. | ||
- | Please refer to the pull request phpt files for usage. | + | <code php> |
+ | bool session_set_serializer(SessionSerializerInterface $handler) | ||
+ | </ | ||
+ | |||
+ | These functions/ | ||
+ | |||
+ | Please refer to the pull request phpt files for usage details. | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
Line 46: | Line 70: | ||
Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems. | Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems. | ||
- | User defined serializer can get rid of this design issue. i.e. There will be new and clean OO session save handler interface. | + | User defined |
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | 50%+1 majority | + | 2/3 majority |
+ | |||
+ | Vote starts: 2016-12-05 | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
Line 67: | Line 98: | ||
Links to external references, discussions or RFCs | Links to external references, discussions or RFCs | ||
- | ===== Rejected Features ===== | + | |
- | Keep this updated with features that were discussed on the mail lists. | + |
rfc/user_defined_session_serializer.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1