DynamoDB StandardSessionConnection is not binary safe

[dnsl48]

Version of AWS SDK for PHP?

3.102.0

Version of PHP (php -v)?

PHP 7.2.15 (cli) (built: Feb  9 2019 02:46:46) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

What issue did you see?

StandardSessionConnection is not binary safe, since it persists $data as strings (S).
PHP strings, on the other hand, are arrays of bytes and as such may contain any range of binary data.

As such, if e.g. a string within session data starts with an invalid byte (e.g. php string "\x80"), it breaks the DynamoDB SessionHandler integration.

trigger_error(Error writing session PHPSESSID_39394b7d7820598e9049dc61fe6cef63: Error executing "UpdateItem" on "http://dynamodb:8000"; AWS HTTP error: Server error: `POST http://dynamodb:8000` resulted in a `500 Server Error` response:
--
  | {"__type":"com.amazonaws.dynamodb.v20120810#InternalFailure","message":"The request processing has failed because of an  (truncated...)
  | InternalFailure (server): The request processing has failed because of an unknown error, exception or failure. - {"__type":"com.amazonaws.dynamodb.v20120810#InternalFailure","message":"The request processing has failed because of an unknown error, exception or failure."}, 512)
  | StandardSessionConnection.php:138
  |  
  | Aws\DynamoDb\StandardSessionConnection->triggerError(Error writing session PHPSESSID_39394b7d7820598e9049dc61fe6cef63: Error executing "UpdateItem" on "http://dynamodb:8000"; AWS HTTP error: Server error: `POST http://dynamodb:8000` resulted in a `500 Server Error` response:
  | {"__type":"com.amazonaws.dynamodb.v20120810#InternalFailure","message":"The request processing has failed because of an  (truncated...)
  | InternalFailure (server): The request processing has failed because of an unknown error, exception or failure. - {"__type":"com.amazonaws.dynamodb.v20120810#InternalFailure","message":"The request processing has failed because of an unknown error, exception or failure."})
  | StandardSessionConnection.php:73
  |  
  | Aws\DynamoDb\StandardSessionConnection->write(PHPSESSID_39394b7d7820598e9049dc61fe6cef63, a byte\|s:1:"�";, 1)
  | SessionHandler.php:178
  |  
  | Aws\DynamoDb\SessionHandler->write(39394b7d7820598e9049dc61fe6cef63, a byte\|s:1:"�";)
  |  
  | session_write_close()

Steps to reproduce

$_SESSION['a byte'] = "\x80";

Additional context

On dynamo-local it appears as 500 Server error.
On AWS it becomes 400 Bad Request and becomes a "SerializationException". It's been once reported in the following issue #1185

[diehlaws]

Hi @dnsl48, thanks for bringing this to our attention. This is definitely unintended behavior so I'm marking the issue as a bug, discussion on the implementation for this fix can continue in the PR you've created in association with this issue to avoid duplicate work between here and there so that the issue can be closed out once the PR is merged.