PHP $_SESSION 变量键中的保留字符 [英] Reserved characters in PHP $_SESSION variable keys
问题描述
我正在查看 PHP 会话文件的内部表示,我注意到会话密钥由管道字符 |
分隔.
I was looking at the internal representation of PHP session file and I noticed that the session keys are separated by the pipe character |
.
在进入我遇到的问题之前,让我提供一个关于如何格式化会话文件的快速教程.至少,这是在我的 Mac(10.9.4,PHP 5.4.24)上格式化的方式.
Before getting into the problem I encountered, let me give a quick tutorial on how the session file is formatted. At least, this is how it was formatted on my Mac (10.9.4, PHP 5.4.24).
会话文件格式
假设我有以下代码:
$_SESSION["age"] = 26;
$_SESSION["car"] = "Mazda";
$_SESSION["nerdy"] = true;
$_SESSION["likes"] = array(42, "being meta");
$_SESSION["stats"] = array("bmi" => 1000);
然后它会像这样存储在会话变量中:
Then it gets stored in the session variable like this:
age|i:26;car|s:5:"Mazda";nerdy|b:1;
likes|a:2:{i:1;i:42;i:2;s:10:"being meta"}
stats|a:1:{s:3:"bmi";i:1000}
一般格式为
session_key|session_value[;session_key|value] etc.
其中 session_value
是一般形式
type[:size]:value
更具体地说(如果有人感兴趣的话),
More specifically (if anyone's interested),
- 字符串:
s:3:"some text"
- 整数:
i:4
- 布尔值:
b:1
(真)或b:0
(假) - 数组:
a:2:{session_value;session_value;session_value;session_value}
- strings:
s:3:"some text"
- integers:
i:4
- booleans:
b:1
(true) orb:0
(false) - arrays:
a:2:{session_value;session_value;session_value;session_value}
其中大小为 2 的数组中的四个 session_value
是 key;value
key;value
对.
where the four session_value
s in the array of size 2 are the key;value
key;value
pairs.
问题
您可以看到,在上面,顶级会话密钥由 |
字符分隔.但是,如果我们的会话密钥名称之一包括 |
字符怎么办?
You can see that in the above, the top-level session keys are separated by the |
character. But what if one of our session key names includes the |
character?
嗯,我试过了.当我这样做时,整个会话文件(在 /tmp
中)是空白(并且绝对没有设置变量).这是 PHP 开发人员的疏忽还是未记录的限制(或者是否记录在某处)?
Well, I tried it. And when I did, the entire session file (in /tmp
) was blank (and the variables were definitely not set). Is this an oversight by the PHP devs or an undocumented limitation (or is it documented somewhere)?
这可以通过将 $_SESSION 键本身放在引号中或在 $_SESSION 键字符串中反斜线任何管道来轻松解决.这对我个人来说不是什么大问题,因为我无法理解为什么我需要将 |
放在 $_SESSION 变量键中 - 只是对它感到好奇.
This could be easily solved by putting the $_SESSION keys themselves in quotes or backslashing any pipe in a $_SESSION key string. This isn't a big problem for me personally, since I can't fathom why I would need to put a |
in a $_SESSION variable key - just curious about it.
推荐答案
Its a known bug
Its a known bug
https://bugs.php.net/bug.php?id=33786
解决方法是更新到 5.5.4 并使用 php_serialize 会话序列化程序
The work around is update to 5.5.4 and use the php_serialize session serializer
这篇关于PHP $_SESSION 变量键中的保留字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!