
Zend Authentication


crwork


I'm about to adapt some software that uses Zend for purposes of user authentication.

 

On the home page of the existing Zend site, even if you've logged off, closed all browsers, then come back to the home page without logging on, the code still thinks the user has been authenticated. The following statement is true in index.php:

 

if (Zend_Auth::getInstance()->hasIdentity()) {...

 

I've done some research on user authentication via Zend (which I'm new to), but I seem to be missing a basic point. When Zend authenticates a user, where is that information going? To the session? Cookies? It feels like a black box to me. I've looked in the Zend code, but it's a serious labyrinth. I can't pinpoint where the user authentication is going.

Link to comment
https://forums.phpfreaks.com/topic/269943-zend-authentication/

even if you've logged off, closed all browsers, then come back to the home page without logging on, the code still thinks the user has been authenticated

That's not good! Lol. I'd look into the logout script. Make sure the identity is cleared via Zend_Auth::getInstance()->clearIdentity() and even destroy the session as well if it's necessary; Zend_Session::destroy()

 

When Zend authenticates a user, where is that information going? To the session? Cookies?

Depends on the storage set for Zend_Auth, the default is Zend_Auth_Storage_Session.

Link to comment
https://forums.phpfreaks.com/topic/269943-zend-authentication/#findComment-1387992
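
The reply above, as an added example that is not part of the original posts or of the software being adapted: a stand-alone Zend Framework 1 script that shows where the default Zend_Auth_Storage_Session keeps the identity, then performs the logout steps named in the reply. It assumes ZF1 is on the include path; the identity value 'alice' is constructed sample data.

```php
<?php
// Added example (Zend Framework 1). Assumes the ZF1 library directory is on
// the include path. 'alice' is a constructed identity, not a real account.
require_once 'Zend/Auth.php';
require_once 'Zend/Session.php';

Zend_Session::start();
$auth = Zend_Auth::getInstance();

// Zend_Auth::authenticate() writes the identity to its storage object when
// the adapter reports success. Writing a constructed identity directly here
// makes the storage location visible without needing an adapter.
$auth->getStorage()->write('alice');

// The default storage is Zend_Auth_Storage_Session, which uses the session
// namespace 'Zend_Auth' and the member 'storage'. The identity is therefore
// plain PHP session data; the browser only holds the session ID cookie.
$ns     = Zend_Auth_Storage_Session::NAMESPACE_DEFAULT;
$member = Zend_Auth_Storage_Session::MEMBER_DEFAULT;
echo "stored under \$_SESSION['$ns']['$member']: ";
var_dump($_SESSION[$ns][$member]);

echo "hasIdentity() before logout: ";
var_dump($auth->hasIdentity());

// Logout step 1: remove the identity from the storage.
$auth->clearIdentity();

echo "hasIdentity() after clearIdentity(): ";
var_dump($auth->hasIdentity());

// Logout step 2: destroy the server-side session data. The first argument
// also expires the session cookie in the browser.
Zend_Session::destroy(true);
```

If hasIdentity() still returns true on a later request after a logout like this, check whether the application replaced the default storage with Zend_Auth::getInstance()->setStorage(), since clearIdentity() only clears whichever storage object is currently set.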

That's not good! Lol. I'd look into the logout script. Make sure the identity is cleared via Zend_Auth::getInstance()->clearIdentity() and even destroy the session as well if it's necessary; Zend_Session::destroy()

 

 

Depends on the storage set for Zend_Auth, the default is Zend_Auth_Storage_Session.

 

Ok, thanks shlumph.

Link to comment
https://forums.phpfreaks.com/topic/269943-zend-authentication/#findComment-1388773