rfc:user_defined_session_serializer

This is an old revision of the document!


PHP RFC: User defined session serializer

Introduction

Currently, only C module can add additional session data serializer. If there is user defined serializer, users can

  • Encrypt/decrypt session data transparently.
  • Use any serialization format such as JSON/XML/etc.
  • Add invisible data to session data.

Proposal

Add session serializer registration function.

bool session_set_serializer(callable $serialize_func, callable $unserialize_func)

Add session serializer interface.

interface SessionSerializerInterface {
  function encode(array $session_data_array);
  function decode(string $serialized_session_data_string);
}

Please refer to the pull request phpt files for usage.

Backward Incompatible Changes

None.

Proposed PHP Version(s)

Next PHP. Currently 7.2.

Future Scope

Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems.

User defined serializer can get rid of this design issue. i.e. There will be new and clean OO session save handler interface.

Proposed Voting Choices

50%+1 majority

Patches and Tests

Implementation

After the project is implemented, this section should contain

  1. the version(s) it was merged to
  2. a link to the git commit(s)
  3. a link to the PHP manual entry for the feature
  4. a link to the language specification section (if any)

References

Links to external references, discussions or RFCs

Rejected Features

Keep this updated with features that were discussed on the mail lists.

rfc/user_defined_session_serializer.1479375336.txt.gz · Last modified: 2017/09/22 13:28 (external edit)