I've implemented a session handler using DynamoDB. It is working correctly, except for when the response is returned from the server and I call json_decode on it, the nested php serialized session string is broken. I assume storing a serialized session inside a JSON object is not compatible? Is this an escaping issue?
Questions:
serialize() which I assume is used? This would probably solve the issue.This is how the original looks when it comes from the DB (note: it's really long so I've cut the end off myself)
_sf2_attributes|a:4:{s:34:"_security.secured_area.target_path";s:36:"http://my.domain";s:10:"some_id";s:13:"abc123";s:8:"userData";O:27:"Some\Symfony\Bundle":49:{s:8:"�*�email";s:27:"
This is how it looks after calling json_decode on the JSON object this string is inside:
_sf2_attributes|a:4:{s:34:"_security.secured_area.target_path";s:36:"http://my.domain";s:10:"some_id";s:13:"abc123";s:8:"userData";O:27:"Some\Symfony\Bundle":49:{s:8:"
It appears to be truncated where the asterisk is in the original.
json and serialization works fine in PHP
class ClassA
{
public $publicMember;
private $privateMember;
protected $protected;
}
$object = new ClassA();
var_dump(unserialize(json_decode(json_encode(serialize($object)))));
But this issue could come from DynamoDB: Bug in DynamoDB / DynamoDB Session Handler for PHP (handling of NULL BYTES). It seems that it closed, but... you could add additional wrap with base64_encode before json_encode
var_dump(unserialize(base64_decode(json_decode(json_encode(base64_encode(serialize($object)))))));