Jump to content

Archived

This topic is now archived and is closed to further replies.

aniesh82

Zend_Acl, Zend_Auth & Zend_Session

Recommended Posts

Hi,

 

About the difference & usage of Zend Framework Acl, Auth & Session Components.

 

I am working on a Blog application by using Zend Framework. I found that, I can do the checking of user permission to different areas of the site by using ACL component. But the same thing can be do by using Session like in native php.

 

Which one is the used widely in Zend Development ?

 

Also, on login time , login details are stored by using Zend_Auth. How can I store other user details such as user id, email id etc? Where usually store these details, in Session or Zend_Auth or Zend_Acl ? Does it use Zend_Acl for storing the details or only for controlling the access permissions?

 

I am new to Zend Framework and doesn't get a clear idea about the difference between Zend_Acl,Zend_Auth & Zend_Session

 

Please help me.

 

Thanks in advance.

 

 

Share this post


Link to post
Share on other sites

They are two entirely different things.  ACL is designed to restrict access to areas by group permission level.  Session is a generic facility.  In Zend's case it's a fairly minimal wrapper around the basic PHP session capability.  Of course sessions are designed for you to persist information about a user across HTTP requests.  In other words, the ACL is specifically designed for you to secure your site, whereas session is a generic facility for storing session state - which typically includes a lot more data than what is needed for authentication and security.

Share this post


Link to post
Share on other sites

Zend_ACL is for controlling access only. Use Zend_Auth to store details once the user has been authorized. Like so:

$session = new Zend_Session_Namespace('Zend_Auth');

/* Add a valid property to the session and set its value to true */
$session->valid = true;

 

I believe Zend_Auth creates a default namespace called 'Zend_Auth'. You will have to verify that in the docs though. As long as you create the namespace like I've shown and pass the namespace name to the constructor, you will be able to access anything your try and store. Zend Framework is designed so that you really shouldn't be using Zend_Session or PHP's builtin session management. Just take a look at the Zend Framework Programmer's Reference. It should be able to answer most of your questions.

 

EDIT: Zend_Session will need to be used for somethings, such as logging out.

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.