
Commit 7dad54c

committed
[HttpFoundation] remove base64 encoding of session data
1 parent 4b6776e commit 7dad54c


1 file changed

+8
-13
lines changed


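--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
@@ -19,14 +19,15 @@
 * This means requests for the same session will wait until the other one finished.
 * PHPs internal files session handler also works this way.
 *
-* Session data is a binary string that can contain non-printable characters like the null byte.
-* For this reason this handler base64 encodes the data to be able to save it in a character column.
-*
 * Attention: Since SQLite does not support row level locks but locks the whole database,
 * it means only one session can be accessed at a time. Even different sessions would wait
 * for another to finish. So saving session in SQLite should only be considered for
 * development or prototypes.
 *
+* Session data is a binary string that can contain non-printable characters like the null byte.
+* For this reason it must be saved in a binary column in the database like BLOB in MySQL.
+* Saving it in a character column could corrupt the data.
+*
 * @see http://php.net/sessionhandlerinterface
 *
 * @author Fabien Potencier <[email protected]>
@@ -145,11 +146,7 @@ public function read($sessionId)
 // We use fetchAll instead of fetchColumn to make sure the DB cursor gets closed
 $sessionRows = $stmt->fetchAll(\PDO::FETCH_NUM);
 
-if ($sessionRows) {
-return base64_decode($sessionRows[0][0]);
-}
-
-return '';
+return $sessionRows ? $sessionRows[0][0] : '';
 } catch (\PDOException $e) {
 $this->rollback();
 
@@ -195,8 +192,6 @@ public function destroy($sessionId)
 */
 public function write($sessionId, $data)
 {
-$encoded = base64_encode($data);
-
 // The session ID can be different from the one previously received in read()
 // when the session ID changed due to session_regenerate_id(). So we have to
 // do an insert or update even if we created a row in read() for locking.
@@ -208,7 +203,7 @@ public function write($sessionId, $data)
 if (null !== $mergeSql) {
 $mergeStmt = $this->pdo->prepare($mergeSql);
 $mergeStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
-$mergeStmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
+$mergeStmt->bindParam(':data', $data, \PDO::PARAM_LOB);
 $mergeStmt->bindValue(':time', time(), \PDO::PARAM_INT);
 $mergeStmt->execute();
 
@@ -219,7 +214,7 @@ public function write($sessionId, $data)
 "UPDATE $this->table SET $this->dataCol = :data, $this->timeCol = :time WHERE $this->idCol = :id"
 );
 $updateStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
-$updateStmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
+$updateStmt->bindParam(':data', $data, \PDO::PARAM_LOB);
 $updateStmt->bindValue(':time', time(), \PDO::PARAM_INT);
 $updateStmt->execute();
 
@@ -236,7 +231,7 @@ public function write($sessionId, $data)
 "INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->timeCol) VALUES (:id, :data, :time)"
 );
 $insertStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
-$insertStmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
+$insertStmt->bindParam(':data', $encoded, \PDO::PARAM_LOB);
 $insertStmt->bindValue(':time', time(), \PDO::PARAM_INT);
 $insertStmt->execute();
 } catch (\PDOException $e) {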
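Review bot: The insert fallback in write() still binds `$encoded` (`$insertStmt->bindParam(':data', $encoded, \PDO::PARAM_LOB);`), but this commit deletes the `$encoded = base64_encode($data);` assignment at the top of the method, so the variable no longer exists at that point. Because bindParam() takes its argument by reference, PHP creates `$encoded` as null instead of raising an error, so the new row would be stored without the session payload whenever this path runs (apparently when no merge statement is available and the update matched no row). The line should read `$insertStmt->bindParam(':data', $data, \PDO::PARAM_LOB);`, matching the merge and update hunks. A test that writes a brand-new session through this branch and reads it back would catch the regression; write()'s body extends beyond the visible hunks, so the branch conditions are inferred.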
