I’m getting inconsistent session serialization on my development and production environments.
Code is identical, synced with SVN. Apache and PHP configuration is basically identical, only the domain name is different. Both are running Debian Squeeze, the server is 64 bit and development is 32 bit.
On the server, the data being saved looks like base64 encoded, though I am not sure it is :
vvZKW5WEbvvRCs0-M0R8zTDAuTsKZSADKORDemOWOXqPJs0J42l7nZIewsHp8JjGFQw64Xq2x5dB_7187W4HPdJ1Yo5yK6oHvB8ofx7GL82WJCaPrzP8pR1xm02f9HenDaShvy1WTHuMuCSJ3zWGUnjRpOuJtZ49v4Dh2L5U0M4.
The development session data is the normal PHP style :
foo|s:3:"bar";baz|s:6:"wombat";promoter|O:8:"stdClass":0:{}475b17e28b25580bb92430bb286637ddlanguage|s:5:"en_us";
On the server, session management doesn’t work properly, for example going to a subdomain on the site causes the session to be reinitialized for all subdomains.
I’m using the Yii framework though I’ve eliminated that as the source of the problem by copy pasting the code found here in my index.php file before any processing is done by the framework.
So my questions are : why is this happening, and how can I make the server save session data like the development environment ?
BTW, I would much rather not have to resort to some nasty hack like :
function writeSession($id,$data)
{
$data = serialize($_SESSION);
....
}
TIA.
Got some help on this, the difference between the two servers was that one had the suhosin patch installed and set to encrypt session data, while the other did not.
I installed the suhosin patch on the server that didn’t have it, but it was creating some problems for me, so I disabled the session encrypt feature on both servers. Everything is now working as expected.
In the settings file, in my case /etc/php5/conf.d/suhosin.ini