Re: [Phplib-users] php4 session saves whole obj properties, included db pass
From: Maxim D. <max...@bo...> - 2002-09-26 07:24:11
Hello Giancarlo,

Wednesday, September 25, 2002, 10:31:30 PM, you wrote:

G> I am disappointed, again, in discovering that.
G> every property of the class is saved, and in each /tmp/sess_ there's
G> everything for the connection, included user and pass in cleartext.
G> phplib used to save only the persistent vars.

PHP4 has a trick to avoid that. All the classes that can be fed to
serialize may define methods __sleep and __wakeup. __sleep is called
just before serialization, and __wakeup is called just after
unserialization. So, we should simply define those methods in Auth and
other classes that are meant to be persistent and use DB - __sleep
should unset db handle, __wakeup should define it.

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru
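
The __sleep/__wakeup approach from the message above, as an added example that is not part of the original post and is not PHPLIB's code. The class names (ExampleDb, LeakyAuth, HardenedAuth), property names and the credential value are constructed; in PHP, __sleep returns the names of the properties to serialize, so the db handle is kept out by leaving it off that list.

```php
<?php
// Added illustration. Class names, property names and the credential value
// are constructed for this example; they are not PHPLIB's.

class ExampleDb {
    public $Host = 'localhost';
    public $User = 'appuser';
    public $Password = 'CONSTRUCTED-SECRET';
}

// Default behaviour: serialize() walks every property, including $db.
class LeakyAuth {
    public $uid;
    public $perms;
    public $db;

    function __construct($uid, $perms) {
        $this->uid = $uid;
        $this->perms = $perms;
        $this->db = new ExampleDb();
    }
}

class HardenedAuth extends LeakyAuth {
    // Called by serialize(): only the listed properties are written out.
    function __sleep() {
        return array('uid', 'perms');
    }

    // Called by unserialize(): rebuild the handle from code, not session data.
    function __wakeup() {
        $this->db = new ExampleDb();
    }
}

function leaksSecret($obj, $secret) {
    // Sessions serialize stored objects the same way before writing /tmp/sess_*.
    return strpos(serialize($obj), $secret) !== false;
}

$secret = 'CONSTRUCTED-SECRET';
foreach (array(new LeakyAuth('alice', 'admin'), new HardenedAuth('alice', 'admin')) as $auth) {
    printf("%-12s password in session data: %s\n",
        get_class($auth), leaksSecret($auth, $secret) ? 'yes' : 'no');
}

$restored = unserialize(serialize(new HardenedAuth('alice', 'admin')));
printf("restored uid=%s, db handle rebuilt: %s\n",
    $restored->uid, $restored->db instanceof ExampleDb ? 'yes' : 'no');
```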