librelist archives

Upcoming backward incompatible change with the cookies

From: Loic d'Anterroches
Date: 2011-03-11 @ 15:23

Hello,

I am changing the serialization from json to the PHP serialize format.
If you wonder why, this is because json does not support binary data.
This means that if you crypt your data to be put in the cookies, you end
up doing:

$cookie = base64_encode(json_encode(base64_encode(crypt($data))));

You need to base64 encode before giving that to json_encode. As a base64
encoding is 1/3 bigger than the raw data, you inflate the original data
a lot.

With serialize, you save one base64 encoding. For small strings,
json is smaller, so we pay a little price as shown here for a cookie
with value "bar":

-Set-Cookie: foo=ImJhciI.XKjR6UgHvr2R0ggu9O8elOut8NU;
+Set-Cookie: foo=czozOiJiYXIiOw.6o_2mL7ZL4HgcezUZT4Nn9VcIuM;

The string after the dot (.) is the signature of the cookie as all the
cookies are signed. When the signature does not match, the cookie is
automatically discarded. This means that if you set cookies and read
them through Photon, you can always trust them :)

You can access the raw headers as parsed by Mongrel2 if you want. Photon
never prevents you from looking at the deepest level.

Note that serialize was the initial way to store the data, I switched to
json for this size optimisation, which in the end is not robust enough.

loïc

--
Indefero - Project management and code hosting - http://www.indefero.net
Photon - High Performance PHP Framework - http://photon-project.com
Céondo Ltd - Web + Science = Fun - http://www.ceondo.com
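
As an added example (not part of the original message and not Photon's own code), here is one way to write and read a cookie in the payload.signature layout shown above, checking the signature before unserialize() touches the payload. The key, the function names and the use of HMAC-SHA256 are assumptions; the thread does not say which signature algorithm Photon uses.

```php
<?php
// Added example, not Photon's code; key, names and HMAC-SHA256 are assumptions.
const DEMO_KEY = 'constructed-demo-key';

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true); // false if invalid
}

function sign_cookie($value, string $key): string
{
    $payload = b64url_encode(serialize($value));
    return $payload . '.' . b64url_encode(hash_hmac('sha256', $payload, $key, true));
}

function read_cookie(string $cookie, string $key)
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null; // malformed: discard
    }
    [$payload, $sig] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    // Verify first, in constant time; unserialize() never sees unsigned bytes.
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $raw = b64url_decode($payload);
    if ($raw === false) { return null; }
    // Refuse object instantiation even for correctly signed payloads.
    $value = unserialize($raw, ['allowed_classes' => false]);
    return ($value === false && $raw !== 'b:0;') ? null : $value;
}

// Size of the two encodings for 48 bytes of constructed binary data.
$binary = random_bytes(48);
printf("json: %d bytes, serialize: %d bytes\n",
    strlen(b64url_encode(json_encode(base64_encode($binary)))),
    strlen(b64url_encode(serialize($binary))));
$cookie = sign_cookie('bar', DEMO_KEY);
var_dump(read_cookie($cookie, DEMO_KEY));        // cookie as issued
var_dump(read_cookie('A' . $cookie, DEMO_KEY));  // payload altered after signing
```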

Re: [photon.users] Upcoming backward incompatible change with the cookies

From: Mickaël Desfrênes
Date: 2011-03-11 @ 15:28

PHP has bson_encode / decode. Unfortunately it requires the mongodb module
so I think you're right with the PHP serialization:
http://www.php.net/manual/fr/function.bson-encode.php

2011/3/11 Loic d'Anterroches <loic@ceondo.com>

> Hello,
>
> I am changing the serialization from json to the PHP serialize format.
> If you wonder why, this is because json does not support binary data.
> This means that if you crypt your data to be put in the cookies, you end
> up doing:
>
> $cookie = base64_encode(json_encode(base64_encode(crypt($data))));
>
> You need to base64 encode before giving that to json_encode. As a base64
> encoding is 1/3 bigger than the raw data, you inflate the original data
> a lot.
>
> With serialize, you save one base64 encoding. For small strings,
> json is smaller, so we pay a little price as shown here for a cookie
> with value "bar":
>
> -Set-Cookie: foo=ImJhciI.XKjR6UgHvr2R0ggu9O8elOut8NU;
> +Set-Cookie: foo=czozOiJiYXIiOw.6o_2mL7ZL4HgcezUZT4Nn9VcIuM;
>
> The string after the dot (.) is the signature of the cookie as all the
> cookies are signed. When the signature does not match, the cookie is
> automatically discarded. This means that if you set cookies and read
> them through Photon, you can always trust them :)
>
> You can access the raw headers as parsed by Mongrel2 if you want. Photon
> never prevents you from looking at the deepest level.
>
> Note that serialize was the initial way to store the data, I switched to
> json for this size optimisation, which in the end is not robust enough.
>
> loïc
>
> --
> Indefero - Project management and code hosting - http://www.indefero.net
> Photon - High Performance PHP Framework - http://photon-project.com
> Céondo Ltd - Web + Science = Fun - http://www.ceondo.com
>


