Search code examples

custom session_handler broken with php7 (session_set_save_handler)

After updating to PHP7 I have some problems with my applications sessionhandling.

It doesn't seem to be a big problem but PHP throws this error everytime:

[18-Jun-2016 20:49:10 UTC] PHP Warning:  session_decode(): Session is not active. You cannot decode session data in /var/www/app/phpsessionredis.php on line 90

The session_handler is nothing special. It stores JSONified sessiondata to redis etc.

class phpsessionredis implements \SessionHandlerInterface {

    public function __construct( &$redis ) {

        $this->__rc = $redis;


    public function open($savePath, $sessionName) {
        return true;

    public function destroy($id) {
        try { $this->__rc->del($id); } 
        catch (\RedisException $e) { return false; }

    public function close() {
        return true;
    public function write($id, $data) {

        session_decode($data); // throws an error


            $this->__rc->setex( $id, 3600, json_encode($_SESSION) );

        } catch (\RedisException $e) { return false; }

        return true;

    public function read($id) {

        try {

          $r = $this->__rc
          ->expire($id, 3600)

        } catch (\RedisException $e) { return false; }

        $_SESSION = json_decode( $r[0], true );

        if( isset( $_SESSION ) && ! empty( $_SESSION ) && $_SESSION != null ){

            return session_encode();


        return ''; 


    public function gc($maxLifetime) {
        return true;


$sessionhandler = new phpsessionredis( $redis );

Any help is welcome.


  • I've got the same issue when updating to PHP7.

    You get that warning because session_decode() needs an active session, it will populate $_SESSION. That's not needed, you only want to unserialize the data to be stored into Redis.

    This is the best solution i've found. You can use this class to unserialize the session.

    class Session {
        public static function unserialize($session_data) {
            $method = ini_get("session.serialize_handler");
            switch ($method) {
                case "php":
                    return self::unserialize_php($session_data);
                case "php_binary":
                    return self::unserialize_phpbinary($session_data);
                    throw new Exception("Unsupported session.serialize_handler: " . $method . ". Supported: php, php_binary");
        private static function unserialize_php($session_data) {
            $return_data = array();
            $offset = 0;
            while ($offset < strlen($session_data)) {
                if (!strstr(substr($session_data, $offset), "|")) {
                    throw new Exception("invalid data, remaining: " . substr($session_data, $offset));
                $pos = strpos($session_data, "|", $offset);
                $num = $pos - $offset;
                $varname = substr($session_data, $offset, $num);
                $offset += $num + 1;
                $data = unserialize(substr($session_data, $offset));
                $return_data[$varname] = $data;
                $offset += strlen(serialize($data));
            return $return_data;
        private static function unserialize_phpbinary($session_data) {
            $return_data = array();
            $offset = 0;
            while ($offset < strlen($session_data)) {
                $num = ord($session_data[$offset]);
                $offset += 1;
                $varname = substr($session_data, $offset, $num);
                $offset += $num;
                $data = unserialize(substr($session_data, $offset));
                $return_data[$varname] = $data;
                $offset += strlen(serialize($data));
            return $return_data;

    Your write() will be:

    public function write($id, $data) {
        $session_data = Session::unserialize($data);
            $this->__rc->setex( $id, 3600, json_encode($session_data) );
        } catch (\RedisException $e) { return false; }
        return true;