Apr 10, 2003
Is it safe to store an object in a session variable, allowing it to be unserialized without the class definition loaded in some cases, then, later, unserialize with the class definition loaded and continue using normally? e.g.
View 6 Replies
page 1: load class definition, start session, create new object, store in session variable
page 2: start session, don't access object stored in session
page 3: load class definition, start session, access properties / methods of object stored in session
The PHP manual says
It is strongly recommended that you include the class definitions of all such registered objects on all of your pages . . . If you don't and an object is being unserialized without its class definition being present, it will lose its class association and become an object of class stdClass without any functions available at all . . .
What I am wondering is whether that explanation should be qualified by "for that request". That is, does unserializing the object without the class definition loaded only cripple the object for that request, or does it permanently damage it when it is reserialized?
I tried a quick, simple test by creating three pages that behave as described above, and it appeared to work fine.