Laurent Melmoux wrote: > Hi Darby, > > > I found this quote of Ralph in the archive : > > a. You start a session.. > b. Do stuff.. > c. Go to login page, complete and click remember me.. > > d. Now, your controller/script detects the posted rememberme, and then > issues a Zend_Session_Core::rememberMe();
Note that c+d is a different request than the request for a+b. > d1. what happens now is the client is sent a cookie named REMEMBERME=true, > > e. The next page visit that Zend_Session is started on will see the > REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie > (for as long as the remember me secionds value). The REMEMBERME cookie > is then destroyed as its served its purpose. f. Now you have a session > cookie that will end at a specific time in the future, not when the > browser closes. > > I’m going to use this technique to solve my problem Yes, Ralph's explanation is fine and correct and does not conflict with the crux of my last message - that rememberMe() must be called before the session is started. > But I'm wondering why it haven’t been implemented this way? Well, I > guess that Zend_Session ::rememberMe() is not specific to authentification. > What do you think of a Zend_Auth::setRememberMe() to place in your Auth > Controller and a Zend_Auth::rememberMe() in the bootstrap that well > check for a specific cookie then proxy to Zend_Session ::rememberMe() ? > > > Darby Felton a écrit : >> Hi Laurent, >> >> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, >> it must be called before the session is started to work properly. This >> is documented here: >> >> http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme >> >> >> Sorry for the long URL. :) >> >> Best regards, >> Darby >> >> Laurent Melmoux wrote: >> >>> Hi all, >>> >>> Until now I had call Zend_Session::start() at the beginning of bootstrap >>> file, so far so good. >>> >>> But now, I would like to add a remember me option on my login form, so >>> if the authentification succeed and the remember me have been checked I >>> call Zend_Session::rememberMe()... But it won’t work because the session >>> is already started! >>> >>> What do you consider as best practice to deal with this use case? >>> Where Zend_Session::start() should be called ? >>> >>> Regards >>> >>> >> >> > >
