6

I'm trying to save an object in $_SESSION, but the following:

<?php

$user = db->load( $username, $pass ) ;
$_SESSION[ 'user' ] = $user ;

# on subsequent page loads:
$user = $_SESSION[ 'user' ] ; #retrieve the user from session

Unfortunately this doesn't work.

The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "User" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition

Unless you use serialize():

<?php

$user = db->load( $username, $pass ) ;
$_SESSION[ 'user' ] = serialize( $user ) ;

# on subsequent page loads:
$user = unserialize( $_SESSION[ 'user' ] ) ; #retrieve the user from session

I'm assuming a serialize is required because Session info is saved out to disk. But shouldn't PHP be smart enough to serialize stuff on its own?

And with the use of serialize/_unserialize_, is this going to work now reliably? Or do I need a __serialize() method in my PHP class?

Improve this question
1
  • Have you ever think about use Zend.Session? Commented Jan 29, 2011 at 4:51

5 Answers 5

Reset to default
4

You would need the __serialize() in your class if your object needs to perform some action before being serialized. For instance if it had a reference to an open file and that file needed to be properly closed before serializing.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

In this case you would use __sleep and __wakeup < br2.php.net/manual/en/function.serialize.php >
My apologies, that is what I meant, there is no php magic method called __serialize().
1

Could you maybe use var_export? I only just learned about it today, so maybe it's not really that relevant.

Improve this answer

5 Comments

var_export() isn't really a serialization function. It's just to create a human-readable string representation of a variable (like var_dump(). It doesn't create a full representation of the variable, and there's no reverse function. php.net/manual/en/function.var-export.php
@Lèse My understanding of var_export was that the string it returns could be eval ed to get (more or less) the same variable. Is this incorrect?
Ah, you're right. I had it confused with print_r(). However, it's still better to serialize objects with serialize() as there are some cases where the output of var_export() will not produce the proper results (e.g. objects with circular references).
Yeah but, is this an efficient choice?
It depends; I think it can be if you don't need to serialize objects that var_export isn't compatible with. I personally try to avoid eval, but it's a valid way of doing it.
0

As far as the php compiler is concerned all you are doing is writing an object (serialised) to an Array its a different process that ensures $_SESSION is available on the next page. Serialisation is nothing to do with being written to disk more to do with memory as the memory allocated to various methods on your object will not be available on the next page. Serialisation is how PHP holds onto objects accross pages, and you have to do it yourself.

Improve this answer

Comments

0

Better Use 

json_encode()  json_decode()
Improve this answer

Comments

0

Probably the best approach this days is to implement Serializable interface with your class.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.