Re: [fw-general] Zend_Auth::getInstance()->clearIdentity() doesn't seem to log me out?

[Bart McLeod]

Hi  Cameron, Just some ideas. I assume you are using latest from trunk. If I try in my system to logout, I can logout. So nothing is wrong with the framework  I think. So we are looking at a problem in your logic somewhere. The first thing I thought was there could be something with redirecting the way you do. May you should be forwarding to your default action instead, so that the clearance of the identity can take effect before you redirect. I do this in my logout action:     public function logoutAction()     {         Globals::logout();         $this->_forward('index');     } You can see that I do not redirect, but I forward. In this case to the default action of the login controller. Globals does the following:     public static function logout()     {         $auth = Zend_Auth::getInstance();         Zend_Registry::get('log')->info('Trying to clear identity');         $auth->clearIdentity();     } Since there is not much of a difference with your code, I think it must be the redirect. If that is not the issue, then I start to think of caching. Do you return cached content before you check the identity? In that case, logging out won't help once pages are cached. Just a thought. Regards, Bart McLeod Cameron schreef: I'm logged in because I can still access the entire application, something I can't do until I'm authorized. As for cookies, I dunno... there's nothing in the application that manually writes anything to a cookie, so it could only be Zend or general PHP session related... On Fri, Mar 5, 2010 at 12:54 PM, Jake McGraw <jmcgr...@gmail.com> wrote: On Thu, Mar 4, 2010 at 11:39 PM, Hector Virgen <djvir...@gmail.com> wrote: > Anything in your cookies causing you to stay logged in? > > -- > Hector > > > On Thu, Mar 4, 2010 at 7:30 PM, Cameron <themsel...@gmail.com> wrote: >> >> Hi guys, I'm really not sure where I'm going with this one, it seems like >> I must be doing something completely wrong, but I'm not really sure where to >> even start looking. >> >> Here's my logout action: >> >> public function logoutAction() { >>         Zend_Auth::getInstance()->clearIdentity(); >>         $this->_helper->redirector('/'); >> } >> >> Pretty simple, right? The redirect certainly works, but for some reason, >> I'm still logged in! I've even tried $_SESSION = ''; to brute force the >> session to be deleted, but there i am, still logged in. Anyone got any ideas >> on this one? How are you confirming that you're still logged in? Perhaps that's the issue? - jake > > -- Bart McLeod Space Web Middenlaan 47 6865 VN Heveadorp The Netherlands t +31(0)26 3392952 m 06 51 51 89 71 @ i...@spaceweb.nl www.spaceweb.nl Bart McLeod is a Zend Certified Engineer. Click to verify!