rfc:user_defined_session_serializer

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
rfc:user_defined_session_serializer [2016/11/17 09:35] – created yohgakirfc:user_defined_session_serializer [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== PHP RFC: User defined session serializer ====== ====== PHP RFC: User defined session serializer ======
-  * Version: 0.9+  * Version: 1.0
   * Date: 2016-11-17   * Date: 2016-11-17
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under Discussion+  * Status: Declined
   * First Published at: http://wiki.php.net/rfc/user_defined_session_serializer   * First Published at: http://wiki.php.net/rfc/user_defined_session_serializer
  
 ===== Introduction ===== ===== Introduction =====
  
-Currently, only C module can add additional session data serializer. If there is user defined serializer, users can+Currently, only C module can add additional session data serializer. With user defined session data serializer, users can
  
   * Encrypt/decrypt session data transparently.   * Encrypt/decrypt session data transparently.
   * Use any serialization format such as JSON/XML/etc.   * Use any serialization format such as JSON/XML/etc.
-  * Add invisible data to session data.+  * Add invisible data to session data for session data management purpose. 
 +  * Validate session data via hash_hmac().
  
 ===== Proposal ===== ===== Proposal =====
Line 20: Line 21:
 <code php> <code php>
 bool session_set_serializer(callable $serialize_func, callable $unserialize_func) bool session_set_serializer(callable $serialize_func, callable $unserialize_func)
 +</code>
 +
 +$serialize_func and $unserialize_func are:
 +
 +<code php>
 +$serialize_func = function(array $session_data_array) {
 +  // User can add/encrypt data in this function
 +  // Returning anything other than string raises E_RECOVERABLE_ERROR
 +  return serialize($session_data_array); // Must return string
 +}
 +
 +$unserialize_func = function(string $session_data_string) {
 +  // User can remove/decrypt/validate data in this function
 +  // Returning anything other than array raises E_RECOVERABLE_ERROR
 +  return unserialize($session_data_string); // Must return array
 +}
 </code> </code>
  
Line 26: Line 43:
 <code php> <code php>
 interface SessionSerializerInterface { interface SessionSerializerInterface {
-  function encode(array $session_data_array); +  function encode(array $session_data_array):string
-  function decode(string $serialized_session_data_string);+  function decode(string $serialized_session_data_string):array;
 } }
 </code> </code>
  
 +session_set_serializer() accepts object implements SessionSerializerInterface.
  
-Please refer to the pull request phpt files for usage. +<code php> 
 +bool session_set_serializer(SessionSerializerInterface $handler) 
 +</code> 
 + 
 +These functions/methods are called before reading/writing session data to session data database. 
 + 
 +Please refer to the pull request phpt files for usage details
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
Line 46: Line 70:
 Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems.  Current session modules OO user save handler uses internal save handler as its base object. This design caused many problems. 
  
-User defined serializer can get rid of this design issue. i.e. There will be new and clean OO session save handler interface.+User defined session serializer can get rid of this design issue. There will be new and clean OO session save handler interface proposal. This RFC keeps extendability for new OO session save handler API.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
  
-50%+1 majority+2/3 majority is required to pass. 
 + 
 +Vote starts: 2016-12-05  Vote ends: 2016-12-19 UTC 23:59:59 
 + 
 +<doodle title="Add user defined session serializer" auth="yohgaki" voteType="single" closed="false"> 
 +   * Yes 
 +   * No 
 +</doodle>
  
  
Line 67: Line 98:
 Links to external references, discussions or RFCs Links to external references, discussions or RFCs
  
-===== Rejected Features ===== +
-Keep this updated with features that were discussed on the mail lists.+
rfc/user_defined_session_serializer.1479375336.txt.gz · Last modified: 2017/09/22 13:28 (external edit)