I'm about to adapt some software that uses Zend for purposes of user authentication.

On the home page of the existing Zend site, even if you've logged off, closed all browsers, then come back to the home page without logging on, the code still thinks the user has been authenticated. The following statement is true in index.php:

if (Zend_Auth::getInstance()->hasIdentity()) {...

I've done some research on user authentication via Zend (which I'm new to), but I seem to be missing a basic point. When Zend authenticates a user, where is that information going? To the session? Cookies? It feels like a black box to me. I've looked in the Zend code, but it's a serious labyrinth. I can't pinpoint where the user authentication is going.

https://forums.phpfreaks.com/topic/269943-zend-authentication/

> even if you've logged off, closed all browsers, then come back to the home page without logging on, the code still thinks the user has been authenticated

That's not good! Lol. I'd look into the logout script. Make sure the identity is cleared via Zend_Auth::getInstance()->clearIdentity() and even destroy the session as well if it's necessary; Zend_Session::destroy()

> When Zend authenticates a user, where is that information going? To the session? Cookies?

Depends on the storage set for Zend_Auth, the default is Zend_Auth_Storage_Session.

https://forums.phpfreaks.com/topic/269943-zend-authentication/#findComment-1387992
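The answer above as an added example (not code from this thread or from Zend Framework itself): a diagnostic that shows where the identity is stored, and a logout that clears it. It assumes Zend Framework 1 is on the include path and that no output has been sent yet; `describeAuthState()` and `logout()` are hypothetical helper names.

```php
<?php
// Added example. Assumes Zend Framework 1 is on the include path.
require_once 'Zend/Auth.php';
require_once 'Zend/Auth/Storage/Session.php';
require_once 'Zend/Session.php';

/**
 * Hypothetical helper: report where Zend_Auth keeps the identity.
 * With the default Zend_Auth_Storage_Session the identity lives server-side
 * in the PHP session; the browser only holds the session ID cookie.
 */
function describeAuthState()
{
    $auth    = Zend_Auth::getInstance();
    $storage = $auth->getStorage();          // creates the default storage, starts the session
    $cookie  = session_get_cookie_params();

    $state = array(
        'storage_class'   => get_class($storage),
        'has_identity'    => $auth->hasIdentity(),
        'cookie_name'     => session_name(),
        // A lifetime > 0 means the cookie survives closing the browser.
        'cookie_lifetime' => $cookie['lifetime'],
        'cookie_received' => isset($_COOKIE[session_name()]),
    );
    if ($storage instanceof Zend_Auth_Storage_Session) {
        // Defaults are namespace "Zend_Auth" and member "storage",
        // i.e. $_SESSION['Zend_Auth']['storage'].
        $state['session_namespace'] = $storage->getNamespace();
        $state['session_member']    = $storage->getMember();
    }
    return $state;
}

/**
 * Hypothetical helper: full logout as suggested in the answer.
 * Returns true when no identity remains.
 */
function logout()
{
    $auth = Zend_Auth::getInstance();
    $auth->clearIdentity();                  // remove the identity from storage
    $cleared = !$auth->hasIdentity();        // check before the session is torn down
    Zend_Session::destroy(true);             // destroy session data and expire the cookie
    return $cleared;
}
```

If `has_identity` is still true on a fresh visit and `cookie_lifetime` is greater than zero, the session cookie is persistent and the logout script is not clearing the identity.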

> That's not good! Lol. I'd look into the logout script. Make sure the identity is cleared via Zend_Auth::getInstance()->clearIdentity() and even destroy the session as well if it's necessary; Zend_Session::destroy()
>
> Depends on the storage set for Zend_Auth, the default is Zend_Auth_Storage_Session.

Ok, thanks shlumph.

https://forums.phpfreaks.com/topic/269943-zend-authentication/#findComment-1388773
