Keith Pope wrote:
> Hi,
>
> When using Zend_Auth what is the best practice for use of the identity?

Consider that a loaded question ;)

The real answer: it depends.

A) Propagating username in session.
   + less disk space, I/O used in the session file
   + no need to worry about serialization
   - database hit per request per user "logged in"

* good for situations where your user base is not "logged in" when summing up all the requests on your site. Also, good if you are extending Zend_Db_Table* for modeling (not using Zend_Db_Table as a mapper only)

B) Propagating serialized object in session.
   + no need to hit the db to retrieve the user object
   - more disk space used to serialize object in session file
   - must ensure that objects (models) make good use of __sleep, __wakeup.

* good for situations where there is a large percentage of requests that have a user "logged in", and especially good when the majority of those requests will not be hitting the database (essentially even saving the entire db connect process).


I have a site that has "admin" features, but knowing that for most requests there will be no user associated with the request, I don't mind building the user object for the request, so I opt for this code on that site:

// $auth is Zend_Auth::getInstance()
// $registry and $view are assumed to have been set up earlier in the request
if ($auth->hasIdentity()) {
    // the identity stored in the session is the username only
    $users = new Users();
    $usersfound = $users->findByUsername($auth->getIdentity());
    if ($usersfound->count() == 1) {
        $registry->user = $view->user = $usersfound->current();
    }
    unset($users, $usersfound); // remove from the global scope
}
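
Added example, not part of the original post and not Zend Framework code: a sketch of what "good use of __sleep, __wakeup" can look like for option B, keeping the password hash and the database handle out of the session file. The SessionUser class, its properties and the sample values are hypothetical, and serialize()/unserialize() stand in for the session write and read.

```php
<?php
// Hypothetical user model for option B (serialized object in the session).
class SessionUser
{
    public $id;
    public $username;
    public $role;
    public $fromSession = false;  // true once restored from a session file
    protected $passwordHash;      // must never be written to the session file
    protected $db;                // live connection, not serializable

    public function __construct($id, $username, $role, $passwordHash, $db = null)
    {
        $this->id = $id;
        $this->username = $username;
        $this->role = $role;
        $this->passwordHash = $passwordHash;
        $this->db = $db;
    }

    // Whitelist of properties that serialize() may write out.
    public function __sleep()
    {
        return array('id', 'username', 'role');
    }

    // Runs after unserialize(): the object is a snapshot taken at login,
    // so flag it; code that checks privileges can reload it from the db.
    public function __wakeup()
    {
        $this->fromSession = true;
    }

    public function hasPasswordHash()
    {
        return $this->passwordHash !== null;
    }
}

// Constructed sample values, single-quoted so nothing is interpolated.
$user = new SessionUser(7, 'alice', 'admin', 'CONSTRUCTED-PLACEHOLDER-HASH');

$stored = serialize($user);  // what would end up in the session file
var_dump(strpos($stored, 'CONSTRUCTED-PLACEHOLDER-HASH') === false);

$restored = unserialize($stored);
var_dump($restored->username, $restored->fromSession, $restored->hasPasswordHash());
```

The restored object carries the role as it was at login; a role change or a disabled account in the database is not reflected until the object is rebuilt, which is the trade-off of skipping the per-request lookup.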
