added json by default functionality for security

[n0nag0n]

No description provided.

[Copilot]

Pull Request Overview

This PR introduces JSON as the default session serialization format (with optional encryption) alongside the existing PHP serialization, plus comprehensive tests for both modes.

• Add serialization config (defaults to 'json') with validation
• Update read/write to branch on JSON vs. PHP and handle encryption
• Introduce assertNoObjects to prevent unsafe JSON storage and add tests for all modes

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/Session.php	Add serialization property, enhance read/write, add object guard
tests/SessionTest.php	New tests for JSON/PHP serialization (plain & encrypted) and object rejection

Comments suppressed due to low confidence (2)

src/Session.php:229

• The write-skip condition allows writing when $this->data is empty but not marked changed, potentially writing empty files. Consider also skipping when empty($this->data) is true, or revert to the original logic to prevent unintended empty writes.

        if ($this->changed !== true && !empty($this->data)) {

src/Session.php:479

• assertNoObjects() assumes $data is always iterable. For scalar session values (e.g., integers or strings), this will produce a foreach warning. Guard with is_array($current) before iterating.

            foreach ($current as $v) {