So I am having a very strange issue that seems to involves
Zend_Session::rememberMe() and I believe Zend_Auth as well.
I am working with a fairly standard authentication/authorization setup using
the Zend Framework components and all was going very well. A user could
post their credentials, the system would look them up and create a Zend_Auth
identity using Zend_Auth_Adapter_DbTable. From that point the user was
logged in. I implemented the Zend_Session::rememberMe() functionality and
after a few adjustments, this worked perfectly (at this point, using ZF
0.9).
So here is my problem. It's been a few months, and I've noticed that
specifically the "remember me" functionality no longer works right. If a
user logs in, without checking the "remember me" box, everything is great.
If the "remember me" box is checked, the user is forwarded right back to the
login screen. That's it, no errors, nothing except the user isn't logged
in. Here is the remember me code:
// Check for remember me option
if (isset($data['remember_me']) && (int) $data['remember_me'] == 1) {
Zend_Session::rememberMe();
}
So this is what I know about the problem:
- I first noticed it while using 0.9.3 – the application is currently
updated to 1.0.0RC1 and the problem is still present
- After going through all the code and debugging, I know that when the
"remember me" box is checked, the user account is found, the
Zend_Auth_Adapter_DbTable finds and sets the correct user identity. And
everything is good, but upon redirecting to the secured pages, the identity
object is being wiped out somehow
- When the box is checked, the actual cookie is set…it just appears that
the Zend_Auth identity is wiped out
I even tried to create a brand new "blank" application test case using a
simple form and it appears to work, so I'm not convinced it is totally the
ZF to blame. But I have not changed any code related to this functionality
since it worked and now it just doesn't work. I know this is a specific
case, but if anyone would know of where else I could look to debug this or
if you've seen this before I could use the help. I don't feel that I
understand all the ins and outs of the MVC functionality to fully grasp
where in the whole request process that this Zend_Auth stuff could be
overridden or removed.
Thanks for any suggestions!
--
----------------------------------
Peter McWilliams <><
--
View this message in context:
http://www.nabble.com/Problem-with-Zend_Session%3A%3ArememberMe%28%29--tf3908000s16154.html#a11080211
Sent from the Zend Framework mailing list archive at Nabble.com.
