session data needs to be encoded because it can contain non binary safe

characters e.g null. Fixes #2067

src/Symfony/Component/HttpFoundation/SessionStorage/PdoSessionStorage.php

@@ -182,7 +182,7 @@ class PdoSessionStorage extends NativeSessionStorage
             $sessionRows = $stmt->fetchAll(\PDO::FETCH_NUM);
 
             if (count($sessionRows) == 1) {
-                return $sessionRows[0][0];
+                return base64_decode($sessionRows[0][0]);
             }
 
             // session does not exist, create it
@@ -218,9 +218,11 @@ class PdoSessionStorage extends NativeSessionStorage
             : "UPDATE $dbTable SET $dbDataCol = :data, $dbTimeCol = :time WHERE $dbIdCol = :id";
 
         try {
+            //session data can contain non binary safe characters so we need to encode it
+            $encoded = base64_encode($data);
             $stmt = $this->db->prepare($sql);
             $stmt->bindParam(':id', $id, \PDO::PARAM_STR);
-            $stmt->bindParam(':data', $data, \PDO::PARAM_STR);
+            $stmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
             $stmt->bindValue(':time', time(), \PDO::PARAM_INT);
             $stmt->execute();
 
@@ -252,9 +254,11 @@ class PdoSessionStorage extends NativeSessionStorage
 
         $sql = "INSERT INTO $dbTable ($dbIdCol, $dbDataCol, $dbTimeCol) VALUES (:id, :data, :time)";
 
+        //session data can contain non binary safe characters so we need to encode it
+        $encoded = base64_encode($data);
         $stmt = $this->db->prepare($sql);
         $stmt->bindParam(':id', $id, \PDO::PARAM_STR);
-        $stmt->bindParam(':data', $data, \PDO::PARAM_STR);
+        $stmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
         $stmt->bindValue(':time', time(), \PDO::PARAM_INT);
         $stmt->execute();