Are you sure it is working? Zend_Session::rememberMe() is calling
Zend_Session::rememberUntil() which is calling the php function
session_set_cookie_params () (http://php.net/session_set_cookie_params)
. This function configures the cookie use by the session. As Darby said
it should be called before session_start() to work.
Finally here is how I solve this issue:
*In my AuthController, after a successful authentification :*
// Set a cookie to notify the bootstrap how long the session cookie
should last
$duration = $this->_form->rememberme ? 1209600 : 0;
setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
*In my bootstrap:*
// Session
include 'Zend/Session.php';
if(isset($_COOKIE["Zend_Auth_RememberMe"])){
Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
unset($_COOKIE["Zend_Auth_RememberMe"]);
}
Zend_Session::start();
Regards,
--
Laurent Melmoux - [EMAIL PROTECTED]
Annecy - France
Steven Brown a écrit :
Actually I found I could call Zend_Session::rememberMe() after
Zend_Session::start() and it works.
I call Zend_Session::start() in my bootstrap and Zend_Session::rememberMe()
in my login action.
I expected it to not work after reading the manual however it seems to work
fine.
-----Original Message-----
From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 December 2007 1:34 AM
To: Darby Felton
Cc: Zend Framework General
Subject: Re: [fw-general] Zend_Session::start() and remember me
Darby Felton a écrit :
d1. what happens now is the client is sent a cookie named
REMEMBERME=true,
e. The next page visit that Zend_Session is started on will see the
REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie
(for as long as the remember me secionds value). The REMEMBERME cookie
is then destroyed as its served its purpose. f. Now you have a session
cookie that will end at a specific time in the future, not when the
browser closes.
I’m going to use this technique to solve my problem
Yes, Ralph's explanation is fine and correct and does not conflict with
the crux of my last message - that rememberMe() must be called before
the session is started.
Yes I totally agree with that.
I think I don’t explain myself very well :).
My original question was, how can I keep Zend_Session::start() at the
beginning of my bootstrap and at the same time have my Auth Controller
works with the remember me fiture.
So now I have an answer, by using Ralph technique, I can set a cookie in
the AuthController to notifies my bootstrap, to call
Zend_Session::remeberMe()in my next page load.
Actually, I got mixed up with the session remember me and the
authentification remember me. It is 2 things even though the
authentification remember me is tight couple with the session.( may be
Zend_Session::setDuration() would be less confusing ? )
But I'm wondering why it haven’t been implemented this way? Well, I
guess that Zend_Session ::rememberMe() is not specific to
authentification.
What do you think of a Zend_Auth::setRememberMe() to place in your Auth
Controller and a Zend_Auth::rememberMe() in the bootstrap that well
check for a specific cookie then proxy to Zend_Session ::rememberMe() ?
Darby Felton a écrit :
Hi Laurent,
IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus,
it must be called before the session is started to work properly. This
is documented here:
http://framework.zend.com/manual/en/zend.session.global_session_management.h
tml#zend.session.global_session_management.rememberme
Sorry for the long URL. :)
Best regards,
Darby
Laurent Melmoux wrote:
Hi all,
Until now I had call Zend_Session::start() at the beginning of
bootstrap
file, so far so good.
But now, I would like to add a remember me option on my login form, so
if the authentification succeed and the remember me have been checked I
call Zend_Session::rememberMe()... But it won’t work because the
session
is already started!
What do you consider as best practice to deal with this use case?
Where Zend_Session::start() should be called ?
Regards
