- PeterMoulding.com
- Author
- Trainer
- Speaker
- Business Coach
- How to write a How To book
- PHP Courses
- Speaking
- Web Architect
- Australia
- Books
- Authors
- Akkana Peck
- Alex Berenson
- Andrew Nugent
- Ben Sanders
- Brock Clarke
- Chris Simms
- David Mercer
- Dianna Mullet
- Don Winslow
- Dori Smith
- Harlan Coben
- Jack McDevitt
- James Wines
- Jerry Yudelson
- John Grisham
- Kevin Mullet
- L. E. Modesitt Jr.
- Laurell K. Hamilton
- Marshall Karp
- Martina Cole
- Michael Marshall Smith
- Michel Roux Jr
- Nadia Sawalha
- Philip Pullman
- Raymond Khoury
- Richard North Patterson
- Robert Masello
- Sally Roth
- Sarah Langan
- Stella Rimington
- Stephen King
- Stephen Leather
- T.C. Boyle
- Tom Negrino
- Tony Hillerman
- Urban Waite
- Val McDermid
- Valerio Massimo Manfredi
- Beginning GIMP
- Beginning Visual C++
- Culturalism
- Fiction
- A Drink Before The War
- A Talent for War
- Bag of Bones
- Blood and Ice
- Burn
- Dark Lady
- Dead Line
- Eclipse
- Empress of Eternity
- Exley
- Flipping Out
- Just One Look
- Nightfall
- Pet Sematary
- Savage Moon
- Skinwalkers
- Starvation Lake
- The Fallen
- The Gardens of the Dead
- The Jump
- The Last Templar
- The Mermaids Singing
- The Midnight Mayor
- The Secret Soldier
- The Summons
- The Terror of Living
- The Testament
- The Tower
- Under the Dome
- Virus
- AJAX and PHP
- Aging with Grace
- Food books
- Green Architecture
- Life Is So Good
- SQL: The Complete Reference
- The Backyard Bird Lover's Ultimate How-to Guide
- The Garden Gurus
- Authors
- Sustainability
- -18 hours left to decide the future of Australia
- Campbells vegetable stock or Massel vegetable stock?
- Carbon Sequestration
- Carbon tax for Australia is a fraud
- Copenhagen will fail
- Cost of living in Australia
- Dick Smith jumps on the population bandwagon
- Dry Run: Preventing the Next Urban Water Crisis
- Energy Saving Lights
- Garlic
- How many people can live in Australia?
- Julia Gillard offers 9.9 billion dollars bribe to Rob Oakeshott
- Laundry detergent
- Petrol or Diesel?
- Reflective foil batts kill
- RoHS
- Sea level to rise 3mm due to climate change
- Solar power
- Spring again in Sydney
- Sustainable fuels
- The CRUD Tax is back
- The people who make building regulations do not own houses
- Water efficiency
- Which insulation is safer, foil or wool?
- Will Australia reduce greenhouse gas emissions?
- Technology
- Android or Blackberry or iPhone or a flip phone?
- Apple versus Google 2011
- Cameras
- Cars
- Colour
- Burgundy
- Colour Blindness
- Colour Names
- Dulux colours
- Pantone colours
- Safe Colours
- Seculine ProDisk Mini colour balance card
- What Causes Colour Blindness?
- Hardware
- Batteries for the Digital Age
- Cables
- Cases
- Computer reliability
- Computrace
- Disks
- Astone ISO Gear 481E
- Best SSD for your notebook computer
- Disk block size
- Hitachi disk HDS722020ALA330
- LaCie USB 2.0 250 GB mobile hard drive design by F.A. Porsche
- SMART disk
- Samsung 2 TB HD204UI quiet low power disk for mass storage
- Seagate and Samsung merge disk business
- Select the right disk for your RAID array
- USB disk speed
- Western Digital WD20EARX 2 GB SATA 3 disk
- How long should computer hardware last?
- Keyboards
- Mainframe
- Memory cards
- Monitors
- Netbooks, notebooks, tablets, and xPads
- Network Attached Storage
- OLED Displays
- PC's are a thing of the past
- Printers
- Quiet
- Samsung Galaxy S
- Speed
- Television
- Tools
- USB
- Worst computer movies
- Xserve is dead. What next?
- Your backup will not work
- iPad or Acer Aspire One?
- IQ
- Its obsolete, throw it out!
- LG Intello Washing Machine
- Lack of a challenge
- NBN spends another $12 billion of our tax money on nothing
- Networks
- 802.11n wireless networking
- D-Link DIR-655 wireless router
- D-Link DWA-160 Xtreme N dual band USB adapter
- D-Link DWA-556 Xtreme N PCI Express desktop adapter
- MIMO
- National Broadband Network
- Netgear wireless modem router DGND3300 with 300 Mbps 802.11n
- Refrigerator kills wireless broadband
- Small Wireless Network
- TP-LINK TL-SG10005D 5 port gigabit switch
- TP-Link TL-WR1043N wireless N gigabit router
- Telstra Pre-paid Mobile Wi-Fi
- Where are the router plus proxy server combinations?
- Open Source documentation
- Software
- 7-zip
- Accounting
- Asterisk
- Audacity
- Backup software
- Bloat only in Windows
- CAD
- CDex
- Disk imaging software for copying and backup
- Exact Audio Copy
- Filezilla
- Firefox
- Java
- LibreOffice or OpenOffice?
- Linux
- 1 in 5 servers will ship with Linux
- Android phones outsell iPhone
- Another Move to Linux
- CentOS 5.5 installation on SSD and RAID 5
- Debian
- Debian 5.0.5 AMD64 installation
- Fedora
- Fedora or Ubuntu?
- Gnome or KDE?
- K9copy
- Linux 2.6.38
- Linux Gnome login settings lost
- Linux Mint
- Linux RAID, a rant
- Linux Speed
- Linux Time
- Linux reliability as demonstrated by Ubuntu 10.10
- Linux reliability as demonstrated by Ubuntu 11.4
- Linux still a struggle in 2011
- Linux workstation disk RAID 1
- Linux, NT, Windows, and SETI
- Linux, three years of progress
- London Stock Exchange switches to Linux
- Mandrake Linux 9.2
- The partition is misaligned by 48128 bytes - warning from Linux RAID
- Ubuntu
- How to fix the scroll bars in Ubuntu 11.4 Gnome
- Kubuntu 10.10 alternate installation on desktop with RAID 1
- POWbuntu
- Ubuntu 10.10 after 6 months use
- Ubuntu 10.10 alternate installation
- Ubuntu 10.10 desktop RAID 1
- Ubuntu 10.10 desktop RAID 5
- Ubuntu 10.10 desktop install on a netbook
- Ubuntu 10.10 desktop installation
- Ubuntu 10.10 netbook install on a netbook
- Ubuntu 10.10 server AMD64
- Ubuntu 10.10 upgrade to version 11.4 beta 2
- Ubuntu 10.4
- Ubuntu 11.10
- Ubuntu 11.10 first upgrade
- Ubuntu 11.4 after one month use
- Ubuntu One
- Ubuntu by Microsoft?
- Ubuntu desktop upgrade 10.4 to 10.10 failed because I did not check the media
- Ubuntu strikes again
- Yes, use Linux but not that distribution!
- Nero
- OpenOffice
- OpenOffice is now Apache Office
- Project management
- Scribus
- Software for Windows and Linux
- Time
- Todo applications
- Tomboy notes
- Top text editors
- Version control
- VideoLAN VLC media player
- Visio
- Webmin
- Webmin installation on CentOS for Web development
- Webmin installation on Ubuntu
- What is the most popular open source software today?
- Windows
- Another Windows person goes Linux
- BAD_POOL_CALLER
- Cygwin
- Microsoft Malicious Software Removal Tool cannot find a common virus
- One of the developers of Windows XP is criminally insane
- There are unused icons on your desktop
- W32time
- Which Windows version?
- Windows 7 Home Premium
- Windows XP Stop 0x0000007B during installation
- Windows XP is a disaster
- Windows processes
- XML
- Zip, bzip, gzip, or 7zip?
- configFree
- Technology Succession Planning
- VoIP
- Web Sites
- Drupal
- Do Drupal themes have to use the GPL?
- Drupal 7
- A better search facility for Drupal
- Drupal - performance or flexibility
- Drupal 7 new features
- Drupal 7 ships on January 5
- Drupal 7.4 hits PeterMoulding.com
- Drupal function sequence
- The evolution of a module
- Undefined index: headers in DefaultMailSystem->mail() (line 54 of /modules/system/system.mail.inc).
- Undefined index: to in DefaultMailSystem->mail() (line 83 of /modules/system/system.mail.inc).
- implode(): Invalid arguments passed in DefaultMailSystem->format() (line 23 of /modules/system/system.mail.inc).
- Drupal Code Load Cut
- Drupal How To
- Drupal Modules
- Backup and Migrate
- Browscap
- CKEditor with Drupal WYSIWYG
- Captcha
- Colorbox
- Content Construction Kit
- Content type
- Devel module for Drupal
- Drupal Rules as an automation language
- Drupal Spam add-on module
- IMCE
- IMCE Wysiwyg bridge
- ImageAPI
- Lightbox2
- Node Gallery Access
- Node_Gallery
- Path
- Path redirect
- Pathauto
- Pet
- Search
- Service links
- Session Variable
- Taxonomy
- Token
- Transliteration
- Trigger
- Variable module
- Other modules
- Drupal Training
- Drupal access controls need a major rewrite
- Drupal coding tricks
- Drupal performance
- Drupal themes for the future
- Drupal.org colours
- Import existing data into Drupal
- Multiple Web sites made easy using Drupal multisite and the right start
- drupal_lookup_path()
- Adobe PDF
- Apache
- Apache Mahout
- Audi.com
- Bleet
- CSS Strikes Again
- CSS or xCSS
- Can you believe Facebook or email?
- Content Management Systems
- Databases
- Facebook scam
- Font
- Fonts
- HTML
- Install Apache, MySQL, and PHP 5 in Ubuntu 11.4 using the Ubuntu Software Centre
- Language Codes
- Marketing
- Memcache
- Nginx
- Oscars
- PHP
- SPDY
- Search software
- Techoni.com.au
- Theme themes
- U.S. Patent No. 6,985,875
- Virtual Private Server
- Visible Improvement
- Web 4.0
- Web browser usage
- Web browsers
- Web site development
- Bluefish
- Eclipse and PHP
- Getting a Git client, a story of ancient technology and pain
- HTTrack
- MVC
- Netbeans
- Nvu
- PHP
- PHP or ..., CakePHP/Symfony/ZF versus ...
- Programming
- Superfish
- Web browser emulators for testing your Web site
- Web development frameworks
- Web site books
- Web site development on your own computer
- Webmin or phpMyAdmin or cPanel for creating databases?
- aiki framework
- jQuery
- Views development - Learn Fields first
- Views development - Learn Actions and Rules
- jQuery .each()
- jQuery .has()
- jQuery .is()
- jQuery and Firefox Firebug
- jQuery children
- jQuery for people not using Drupal - Installation and getting started
- jQuery hover
- jQuery hover de-duplication example
- jQuery or CSS?
- jQuery performance
- jQuery tests
- Web site hosting
- Westpac Web site still broken after two years and ten months
- Wordpress wins another CMS survey
- Drupal
PHP sessions and serialisation
Submitted by Peter on Fri, 2010-09-03 01:27
PHP sessions and serialisation are related areas and are usually easy. Today, while working on arcaic code from last century, I found a really horrible combination of limitations of PHP 5.2.x bouncing the project all over the place. I present the problems in the hope it will help someone somewhere.
I used to document PHP related problems at php.net, the official site for PHP. I found many of my helpful suggestions were deleted by the thought police. Now I place the same information on a site I control and the big search engines add the information into the search results almost as quickly as a direct addition to php.net.
Sessions
Sessions are a way to store data temporarily, commonly from page to page when you browse a Web site. PHP provides lots of ways to create and work with sessions. You can store the data using files, a database, or any method accessible by code. You can configure all the important features when you set up your Web site and you can override most of the settings from code to produce an extremely versatile system.
When data from your application is stored in sessions, PHP offers two techniques for serialising data into simple text strings for easy storage anywhere.
Serialisation
PHP offers three serialisation techniques, serialize(), session_encode(), and wddx_serialize(), with two available for use in sessions.
session_encode() is the PHP default for serialising into and out of sessions but does not offer the flexibility to read the stored data outside of a session.
serialize() does everything almost exactly the same as session_encode() and lets you read session data outside of sessions but the two types of serialisation do not work together. You cannot replace session_encode() with serialize().
WDDX is a standard method using XML and is the most flexible. WDDX can be a little bit slower because the resultant string is longer. WDDX solved one of the problems I struck today.
Reading session data without a session
There are situations where you want to read session data without starting a session. Sessions require HTTP headers. You need different HTTP headers to redirect the visitor to a new page. Redirection fails after you set the headers that support sessions. You sometimes need to read the session data first then decide the direction you will take then you start the session.
session_encode() has a matching session_decode() but you cannot use session_decode() to decode the session data because session_decode() decodes direct into memory instead of into a variable. You cannot control the output of session_decode().
serialize() has a matching unserialize(). unserialize() looks perfect for unserialising session data. When you use session_encode() to encode the session data, unserialize() does not decode the data. The examples at php.net show unserialize() decoding session data and the example used to work on a site I built a long time ago. Today with PHP 5.2.x, unserialize() does not work on the data encoded in a session.
I replaced session_encode() with serialize() in one site a long time ago so I could use unserialize() to decode the data. The result is inefficient. You let PHP waste a lot of processing power encoding then you throw the encoded string away and create your own. You waste the same amount of processing bring the data back. PHP should either let you specify serialize() to replace session_encode() or make the two compatible.
WDDX is a good reliable replacement for session_encode() and PHP makes the changeover easy. WDDX is supplied ready made in PHP for Windows. cPanel and similar Web site management programs build WDDX for you automatically when you tick the appropriate box on the requirements page. Some primitive operating systems make you compile WDDX before you can use WDDX.
WDDX solved all the access and compatibility problems in the site where I wanted to read the session data outside of the session. You tell PHP to use WDDX instead of the default with just one quick change to the PHP session settings. A 6000 byte session row increased to a bit over 8000 bytes when I switched to WDDX. There is no noticeable speed difference for this small amount of data. The flexibility of WDDX is worth more than a few CPU cycles.
wddx_deserialize()
WDDX lets you decode the session data into an array of your choosing. The magic decoder function is named wddx_deserialize().
wddx_unserialize()
wddx_unserialize() is recommended in the PHP documentation but wddx_unserialize() is not in PHP 5.2.x and some other versions of PHP. wddx_deserialize() is in all the versions of PHP I use.
Files or a database?
Files are fast and tend to remain equally fast as the load builds up, unless you are using an older version of Solaris where the system suddenly slows down worse than any Monday morning peak hour traffic.
Databases can be fast but all the different uses of your database will soon drag down the performance of your database. Performance tends to become worse faster as your site ages because you build up bigger database tables and indexes. You need to occasionally tune your databases to allow for the growth.
Databases are more accessibly and flexible. You use files for simple session processing then you want some nice little extra feature and switch to storing your sessions in a database.
On shared hosting, sessions can be stored in disk directories you cannot view or search. If the sessions are stored in a database, you can always use your database browse facilities to view and search the session records.
MySQL
PHP offers three ways to access MySQL databases, the older mysql module for old versions of MySQL, the slightly newer mysqli module for modern versions of MySQL, and the PDO module for future access to MySQL. PDO works and is the interface used by the next version of Drupal, currently in alpha testing. PDO is not yet on all hosting servers.
mysqli is almost everywhere and is similar to the older interface, making a conversion to mysqli easy. The documentation for mysqli is out of alignment in a big way. mysqli can be used in an object oriented way and a procedural way. The documentation often describes an object oriented way that does not yet work. you have to search really hard to find anything about the older procedural approach that is currently the only reliable way to use mysqli.
If you have the latest version of PHP 5 with the latest version of MySQL, upgrade your database code from the old mysql procedural code to the newer mysqli procedural code. When everything is working and you have spare time, convert to the mysqli object oriented code to gain objectivity. The conversion is relatively easy. There is an almost one to one relationship between the older functions and the newer methods. The main problem is documentation that does not match up the way PHP works.
You can eventually convert to PDO. The conversion from the object oriented version of mysqli should be easy because they are similar. Last time I tried to use PDO, the documentation was missing big chunks.
Spinning around
Today's project used PHP 5.2.x. The sessions kept failing in a variety of ways. This is not my code. It was written by one of those horrible creates you read about in Lord of the Rings. The code used files for storage and is ancient rubbish I would not show to students, not even as an example of bad code, because it might infect their brain. It worked for years when untouched by human hands but fails when you make the slightest change. One tiny change in one place creates massive problems all over the code and you have to make hundreds of changes to get the site working again.
The session files are in a directory that is not accessible, making diagnosing the problems extremely difficult. The first change was to put the sessions into the database. The existing database code then showed it could not handle long text. Write off three hours fixing the database access code to handle long strings. In the end I switched to using binds instead of long SQL query strings.
Then I found there is already a session table but that session table is used only for some sessions and it does not work reliably. I am faced with many more hours work to convert the unreliable partial sessions across to the standard sessions.
There are two other forms of sessions in use. I know about both of them and will leave them in place because they are just to hard to change.
The existing MySQL code did not work the correct way for the mysqli procedural approach and I started switching to the mysqli object oriented approach but the documentation for the object oriented approach did not match the way mysqli actually works. I gave up and fixed a number of errors in the existing mysqli code. I can now use my mysqli based session code to maintain the sessions and use the regular database code to read the session data any time I need something outside of sessions.
Getting the deserialisation working was painful until I switched to WDDX. I wasted three hours on the default PHP session decoding before switching to WDDX. WDDX required only one extra step and that is preloading classes required for any objects stored in sessions. The conversion to WDDX was over in 20 minutes.
I do not normally store objects in sessions. The existing code had a lot of objects in the session and most were not needed. I spent an hour removing all the ones that were not used and a few minutes adding the preload for the few objects still in the session. After the clean up, the sessions are so small I can easily find anything in them.
Content management system
If you use a modern free open source content management system, I recommend Drupal, you do not have to battle with all the problems I mention in this page because hundreds of developers have already built and tested the code for you.
Trying to maintain the worst of the 1990s amateur code shows you how pathetic a lot of the code was. The code was made worse by the fact that most of it was scribbled over by a different contractor every month. Think of chickens pecking at the code.
All those years of Who cares, I will be working somewhere else next week
. None of the beneficial open review you find in large open source projects. A good content management system should replace 90 percent or more of your code with thoroughly tested and community maintained code.
Conclusion
There are often several ways to do things in PHP and one way will work better than the others. In the areas of database access, sessions, and serialisation, there is a time lag of a year or more between the documentation and the code. You need to systematically test the alternatives to find the details missing from the documentation. One day you should dump the old code completely and move to a system where there are hundreds of other developers helping you.
