[PHP] Cast Object to specific class

[Pc_Madness]

Hey guys, I have an Array of TimeSpan objects and I'm storing them in Sessions (bad idea?), and then when I read them out again they're just normal objects. Is there a way to cast them back? Or am I best off trying to manually copy the data into a new object?

Cheers!

[zeroday]

Try something like:

$timespan = (TimeSpan) $array[$index];

[Pc_Madness]

Try something like:

$timespan = (TimeSpan) $array[$index];

Sorry, I had a work around to this problem, but apparently not. :p

$Schedules = $_SESSION["SingleSchedules"];
foreach($Schedules as $Schedule)
{
	$NewSchedule = (Schedule) $Schedule;
	$Schedule->Enabled = 1;
	$Schedule->Save(true);
}

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\schedule\create.php on line 9 (the cast line)

:(

[+M2Ys4U Subscriber¹]

Serialise the objects before you store them and un-serialise them when you retrieve them

http://uk.php.net/manual/en/function.serialize.php

As for storing them in sessions, why not just store the data on the server and just set the ID in a session/cookie? Less susceptible to maliciousness that way.

[Pc_Madness]

Serialise the objects before you store them and un-serialise them when you retrieve them

http://uk.php.net/manual/en/function.serialize.php

As for storing them in sessions, why not just store the data on the server and just set the ID in a session/cookie? Less susceptible to maliciousness that way.

Actually, it appears to be working now with calling the functions directly. *confused* Perhaps I was doing something stupid last time.

I thought all that was stored in a cookie was a Session ID? I'm storing a User Object in Sessions as well.. is it safe?

If not how would you recommend storing the data? I spose an example of what I'm doing is an Order System, where you have an Order (or cart) and Products that belong to that cart. At any time you can just leave the page and the cart+contents will be removed. I was originally doing it directly into the database, but then you have to schedule deletion of those unwanted carts and it just didn't feel very professional. :(

[+M2Ys4U Subscriber¹]

Erm, true. I was thinking more along the lines of cookies rather than sessions.

[Pc_Madness]

Erm, true. I was thinking more along the lines of cookies rather than sessions.

Ok cool. :p I only just remembered that you could access cookies using $_COOKIE, so I thought everyone was talking about $_SESSION being unsecure. :p

[david_at_jobhopping.org]

Very helpful! I had just encountered the same issue, and realised that casting doesn't work. Ahh.. the power of a good google search. :yes:

[FlibbyFlobby]

class TimeSpan 
{
public function __sleep() {
// actions to perform when serialized (e.g. close database connection)
}

public function __wakeup() {
// actions to perform when unserialized (e.g. reopen database connection)
}
}

$_SESSION['object'] = serialize(new TimeSpan);
$object = unserialize($_SESSION['object']);

[XakepaBG]

Actually, it appears to be working now with calling the functions directly. *confused* Perhaps I was doing something stupid last time.

I thought all that was stored in a cookie was a Session ID? I'm storing a User Object in Sessions as well.. is it safe?

If not how would you recommend storing the data? I spose an example of what I'm doing is an Order System, where you have an Order (or cart) and Products that belong to that cart. At any time you can just leave the page and the cart+contents will be removed. I was originally doing it directly into the database, but then you have to schedule deletion of those unwanted carts and it just didn't feel very professional. :(

Session data should be safe enough. Session hijacking happens if a cookie on a legitimate visitor's machine is captured and reused by an attacker while their session is still active. Not muc h you can do about this on the server side, I think.

HTTP is a stateless protocol. Leaving a WEBSITE - good enough reason to delete session data, but impossible to detect. Best case scenario - a session times out after no activity for some time period

Deleting expired session or cache data periodically is how most big applications do things. Defer costly operations if you can. Realtime purging of records/data just hurts performance, unless you struggle for session storage space, etc.. Better only do a mass cleanup when the site is not busy, etc.. Depending on indexes(if you're using a database for sesions) it may be VERY time/cpu/io consuming to delete records..

PHP's default session storage media is files, I think. can get slow with massive numbers of files, some filesystems experience delays if too many files in a folder. It's not too hard to make that session files folder a ramdisk one for more speed. Or, if you have enough tin, use a memcached server/cluster for sessions - for more scalability ;-)

In the case where you are concerned about session storage efficiency - only store visitor specific data in sessions, and everything else that is reusable - in APC/Memcached/database so your visitors keep using the very same physical cached data ;-)

Just my $.02