I have the following in my logout action: Zend_Session::destroy(true);
after I clear my identity. Will that help? From: Bart McLeod [mailto:[email protected]] Sent: Friday, March 05, 2010 4:06 AM To: Cameron Cc: Jake McGraw; Hector Virgen; Zend Framework - General Subject: Re: [fw-general] Zend_Auth::getInstance()->clearIdentity() doesn't seem to log me out? Hi Cameron, Just some ideas. I assume you are using latest from trunk. If I try in my system to logout, I can logout. So nothing is wrong with the framework I think. So we are looking at a problem in your logic somewhere. The first thing I thought was there could be something with redirecting the way you do. May you should be forwarding to your default action instead, so that the clearance of the identity can take effect before you redirect. I do this in my logout action: public function logoutAction() { Globals::logout(); $this->_forward('index'); } You can see that I do not redirect, but I forward. In this case to the default action of the login controller. Globals does the following: public static function logout() { $auth = Zend_Auth::getInstance(); Zend_Registry::get('log')->info('Trying to clear identity'); $auth->clearIdentity(); } Since there is not much of a difference with your code, I think it must be the redirect. If that is not the issue, then I start to think of caching. Do you return cached content before you check the identity? In that case, logging out won't help once pages are cached. Just a thought. Regards, Bart McLeod Cameron schreef: I'm logged in because I can still access the entire application, something I can't do until I'm authorized. As for cookies, I dunno... there's nothing in the application that manually writes anything to a cookie, so it could only be Zend or general PHP session related... On Fri, Mar 5, 2010 at 12:54 PM, Jake McGraw <[email protected]<mailto:[email protected]>> wrote: On Thu, Mar 4, 2010 at 11:39 PM, Hector Virgen <[email protected]<mailto:[email protected]>> wrote: > Anything in your cookies causing you to stay logged in? > > -- > Hector > > > On Thu, Mar 4, 2010 at 7:30 PM, Cameron > <[email protected]<mailto:[email protected]>> wrote: >> >> Hi guys, I'm really not sure where I'm going with this one, it seems like >> I must be doing something completely wrong, but I'm not really sure where to >> even start looking. >> >> Here's my logout action: >> >> public function logoutAction() { >> Zend_Auth::getInstance()->clearIdentity(); >> $this->_helper->redirector('/'); >> } >> >> Pretty simple, right? The redirect certainly works, but for some reason, >> I'm still logged in! I've even tried $_SESSION = ''; to brute force the >> session to be deleted, but there i am, still logged in. Anyone got any ideas >> on this one? How are you confirming that you're still logged in? Perhaps that's the issue? - jake > > -- Bart McLeod Space Web Middenlaan 47 6865 VN Heveadorp The Netherlands t +31(0)26 3392952 m 06 51 51 89 71 @ [email protected]<mailto:[email protected]> www.spaceweb.nl<http://www.spaceweb.nl> [cid:[email protected]][cid:[email protected]][cid:[email protected]] Bart McLeod is a Zend Certified Engineer. Click to verify!<http://www.zend.com/zce.php?c=ZEND004591&r=218204904> [cid:[email protected]]
<<inline: image001.gif>>
<<inline: image002.gif>>
<<inline: image003.gif>>
<<inline: image004.gif>>
