Drupal overrides PHP's session handler and stores all sessions in its own sessions table. Normally, you should never be accessing that table directly since the session info is automatically loaded when it is initialized by a user.
Some time ago though, we needed direct access to the session table and found out this isn't as easy as it seems. The session variables are stored in the session field of the sessions table in a serialized state that isn't decodable with PHP's default unserialize or session_decode functions. Browsing the net, it seemed a lot of people had struggled to decode it and we couldn't find any working solution.
So I decided to give a go at this myself. Here's the solution we found to work in all of our test cases. I can't guarantee it works 100% since I haven't seen documentation on how the serialization is done. If you have more information on this, don't hesitate to comment on this post.
function unserialize_session($val) {
$result = array();
// prefixing with semicolon to make it easier to write the regular expression
$val = ';' . $val;
// regularexpression to find the keys
$keyreg = '/;([^|{}"]+)\|/';
// find all keys
$matches = array();
preg_match_all($keyreg, $val, $matches);
// only go further if we found some keys
if (isset($matches[1])) {
$keys = $matches[1];
// find the values by splitting the input on the key regular expression
$values = preg_split($keyreg, $val);
// unshift the first value since it's always empty (due to our semicolon prefix)
if (count($values) > 1) {
array_shift($values);
}
// combine the $keys and $values
$result = array_combine($keys, $values);
}
return $result;
}
Comments
@scroogie
this might work too:
$tmp = $_SESSION;
session_decode('login_ok|b:1;nome|s:4:"sica";inteiro|i:34;');
$data = $_SESSION;
$_SESSION = $tmp;
But I'm wondering if session_decode is altering more than $_SESSION. A quick peek at PHP's source code suggest the answer is "no", but I'm not C expert, to say the least.
@scroogie : session_decode decodes the session data string to the $_SESSION array. We needed it in a custom array.
session_decode() is a default php function, and that always works. Otherwise, PHP could not read its own session values. You can't override that to something completely custom, only to other builtin serializers. Please have a look at session.c in the PHP source code if you don't believe me, or want to know how the hash is created exactly.
@scroogie : The "default" php session format is not a format that is not parsable by "default" php functions.
It's the default PHP session format. Drupal doesn't change that. :)
@scroogie. It's not a default format. That's the whole issue ;)
Ah, now I get it. I misunderstood indeed. So you're trying to read session variables of a different user? It's beyond me, why you'd try to do that, but in that case it doesn't have anything to do with Drupal. It's just the standard PHP session format. I'd probably do
session_save_session(FALSE);
$old = session_encode();
session_unset();
session_decode($val);
$new = $_SESSION;
session_unset();
session_decode($old);
session_save_session(TRUE);
@scroogie: did you even review your own answer? This has nothing to do with what I'm writing here.
http://api.drupal.org/api/drupal/includes--bootstrap.inc/function/drupal...
and
http://api.drupal.org/api/drupal/includes--session.inc/function/sess_read/6
Post new comment