Need Clarification On Zend_Auth Identity

[crwork]

I'm new to Zend and am having trouble understanding something specific about how a user is authenticated.

 

I'm reading that the Zend_Auth class is built with a singleton pattern. So this means just one instance of the object for all users, correct?

 

If that is true, then isn't this command non-user specific?

 

Zend_Auth::getInstance()->hasIdentity()

 

What is that command checking for exactly? Identity of the application itself? Or is it user-specific?

 

Since there are no parameters being passed, I'm having trouble making the connection how that would authenticate a specific user.

[trq]

So this means just one instance of the object for all users, correct?

 

No, that would be one instance per request and I believe Zend_Auth would refer to the current users session.

[crwork]

Ok, thanks. I guess that leads me to another related question (let me know if I should start a new thread).

 

In this particular Zend application I'm learning, there is an option for the user to log in, but they can still see the site as an anonymous user without logging in.

 

Just by opening the website as an anonymous user, the app is creating cookies for the anonymous user, setting a user id, and inserting this into a database.

 

Through debugging, I've isolated where it's doing the anonymous cookie creation:

 

if (Zend_Auth::getInstance()->hasIdentity()) {
.
.
.
}

 

If I put an exit statement as the first part of the if block, the cookies have already been created.

 

So what doesn't make sense is that the user has not logged in, yet "hasIdentity" is coming back as TRUE. Is this normal behavior for Zend? I looked at the storage adapter (in this case Cookies), and it looks to me like the identity should be coming back as FALSE, but this isn't the case. I'm a bit stumped.

Edited November 14, 2012 by crwork