1

I store my session data in redis - and i need to get it from another application written not even on PHP, but when i try to use default php unserialize method on stored session string that i previously fetched from redis - i get false.

Example serialized session string:

_sf2_attributes|a:2:{s:26:"_security.main.target_path";s:21:"http://taxi/dashboard";s:14:"_security_main";s:787:"C:74:"Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken":699:{a:3:{i:0;s:60:"$2y$13$0LWym6x/aYM.TJkGlKreCO7Pc.lw5sovpbOYdJ3LMEqURiXjsKGVq";i:1;s:6:"public";i:2;s:591:"a:4:{i:0;C:22:"TaxiBundle\Entity\User":253:{a:8:{i:0;s:60:"$2y$13$0LWym6x/aYM.TJkGlKreCO7Pc.lw5sovpbOYdJ3LMEqURiXjsKGVq";i:1;s:31:"s28cx1llhk0gk8cskggk404ko0kw808";i:2;s:10:"mrandersen";i:3;s:10:"mrAndersen";i:4;b:1;i:5;i:3;i:6;s:24:"[email protected]";i:7;s:24:"[email protected]";}}i:1;b:1;i:2;a:2:{i:0;O:41:"Symfony\Component\Security\Core\Role\Role":1:{s:47:"\x00Symfony\Component\Security\Core\Role\Role\x00role";s:16:"ROLE_SUPER_ADMIN";}i:1;O:41:"Symfony\Component\Security\Core\Role\Role":1:{s:47:"\x00Symfony\Component\Security\Core\Role\Role\x00role";s:9:"ROLE_USER";}}i:3;a:0:{}}";}}";}_sf2_flashes|a:0:{}_sf2_meta|a:3:{s:1:"u";i:1485465482;s:1:"c";i:1485459877;s:1:"l";s:6:"864000";}

Where i can find symfony default serialize algorithm? Thx

Improve this question
7
  • Or just some php code which manually loads session by it's id - will work fine too! Commented Jan 26, 2017 at 21:55
  • Possible duplicate of How can I unserialize Symfony session from the file? Commented Jan 26, 2017 at 22:49
  • Nope, there is no clue in that question. Only another way to work with sessions, but i need exactly what i asked for Commented Jan 27, 2017 at 8:20
  • you cannot use the php unserialize method with symfony sessions, symfony has its own parse method. so to do what you want, you either have to use the symfony session component to unserialize the data or dive into the session component and rewrite the unserialize function in your code Commented Jan 27, 2017 at 8:56
  • I know this) Question was - where i can see this symfony's serialize logic to copy it Commented Jan 27, 2017 at 9:22

1 Answer 1

Reset to default
5

Symfony does not have any build in session serialization algorithm, it uses php built in one which is different that regular serialize/unserialize. Check this comment on php.net where you can find methods to manually unserialize php session data. Basically it depends on session.serialize_handler setting but algorithm you are looking for is something like this (just copied from first link I provided):

<?php
class Session {
    public static function unserialize($session_data) {
        $method = ini_get("session.serialize_handler");
        switch ($method) {
            case "php":
                return self::unserialize_php($session_data);
                break;
            case "php_binary":
                return self::unserialize_phpbinary($session_data);
                break;
            default:
                throw new Exception("Unsupported session.serialize_handler: " . $method . ". Supported: php, php_binary");
        }
    }

    private static function unserialize_php($session_data) {
        $return_data = array();
        $offset = 0;
        while ($offset < strlen($session_data)) {
            if (!strstr(substr($session_data, $offset), "|")) {
                throw new Exception("invalid data, remaining: " . substr($session_data, $offset));
            }
            $pos = strpos($session_data, "|", $offset);
            $num = $pos - $offset;
            $varname = substr($session_data, $offset, $num);
            $offset += $num + 1;
            $data = unserialize(substr($session_data, $offset));
            $return_data[$varname] = $data;
            $offset += strlen(serialize($data));
        }
        return $return_data;
    }

    private static function unserialize_phpbinary($session_data) {
        $return_data = array();
        $offset = 0;
        while ($offset < strlen($session_data)) {
            $num = ord($session_data[$offset]);
            $offset += 1;
            $varname = substr($session_data, $offset, $num);
            $offset += $num;
            $data = unserialize(substr($session_data, $offset));
            $return_data[$varname] = $data;
            $offset += strlen(serialize($data));
        }
        return $return_data;
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.