Skip to content

Loading…

Serializing Auth #1

Open
dracony opened this Issue · 4 comments

2 participants

@dracony

You are doing this: $_SESSION['auth'] = serialize($auth);
But actually objects already get serialized when using the SESSION array, so it's safe to just udr $_SESSION['auth']=$auth

@Sobient
Owner

Hi Dracony. I'm guessing you're referring to the AuthController. Serializing avoids "__PHP_Incomplete_Class_Name" problem when storing objects in sessions. See http://php.net/manual/en/oop4.serialization.php

Thanks for the feedback.

@dracony

Well in the case of AuthController.php the Class definition is already loaded so this problem wouldn't arise really.
though even that you might want to encapsulate the serializing/unserializing into the Auth class itself.
E.g.
1) have it save itself into the session at the end of successfull authenticate() call.
2) make it into a singleton, and make an Auth::instance() like this:

public static function instance(){
    if(isset($_SESSION['auth']))
          static::$_instance=unserialize($auth);
     if(static::$_instance==null)
          static::$_instance=new Auth();
    return static::$_instance;
}

This way you will have a single Auth instance everywhere.
Personally though I don't like storing classes into session, I usually just store some parameters (e.g. user_id etc)

@Sobient
Owner

I would suggest you fork this, commit your suggestions and put up a pull request.

@dracony

Sadly Im away from the PC for some time, I'm just using github as a forum this week)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.