I have made a minor change to fabrizio's (et all) version of the unserializesession function because it was choking on underscores in my variable names. Here is the correct version which should account for ALL possible PHP variable names:
function unserializesession($data) {
$vars=preg_split(
'/([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)\|/',
$data,-1,PREG_SPLIT_NO_EMPTY |
PREG_SPLIT_DELIM_CAPTURE
);
for($i=0; $vars[$i]; $i++) {
$result[$vars[$i++]]=unserialize($vars[$i]);
}
return $result;
}
Please note that I had to split the preg_split function call above into 4 lines due to the limitations of this forum. This version changes the regex used to find variable names so that it complies with the specs for variable names as specified in the PHP manual at http://us3.php.net/manual/en/language.variables.php. I just took the regex directly from the PHP manual pages where they give the regex equivalent for a valid variable name as:
[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
Anyway, this seems to work great for me now, even on gigantic strings of encoded session data.