Then you'll destroy your complete session which might delete other data inside the session as well. Besides, the Global:logout() approach isn't the nicest either.
If Zend_Auth::getInstance()->clearIdentity() doesn't work and *within* the same request *after* you cleared the identity, there is still a valid identity, your adapter might be buggy. Do you have a custom adapter, some obscure overloading or anything? Regards, Jurian -- Jurian Sluiman CTO Soflomo V.O.F. http://soflomo.com On Friday 05 Mar 2010 14:21:10 Gina-Marie Rollock wrote: > I have the following in my logout action: > > Zend_Session::destroy(true); > > after I clear my identity. Will that help? > > From: Bart McLeod [mailto:[email protected]] > Sent: Friday, March 05, 2010 4:06 AM > To: Cameron > Cc: Jake McGraw; Hector Virgen; Zend Framework - General > Subject: Re: [fw-general] Zend_Auth::getInstance()->clearIdentity() doesn't > seem to log me out? > > Hi Cameron, > > Just some ideas. I assume you are using latest from trunk. > > If I try in my system to logout, I can logout. So nothing is wrong with the > framework I think. So we are looking at a problem in your logic > somewhere. > > The first thing I thought was there could be something with redirecting the > way you do. May you should be forwarding to your default action instead, > so that the clearance of the identity can take effect before you redirect. > > I do this in my logout action: > public function logoutAction() > { > Globals::logout(); > $this->_forward('index'); > } > > You can see that I do not redirect, but I forward. In this case to the > default action of the login controller. > > Globals does the following: > public static function logout() > { > $auth = Zend_Auth::getInstance(); > Zend_Registry::get('log')->info('Trying to clear identity'); > $auth->clearIdentity(); > } > > Since there is not much of a difference with your code, I think it must be > the redirect. > > If that is not the issue, then I start to think of caching. Do you return > cached content before you check the identity? In that case, logging out > won't help once pages are cached. Just a thought. > > Regards, > > Bart McLeod > > > > > Cameron schreef: > I'm logged in because I can still access the entire application, something > I can't do until I'm authorized. As for cookies, I dunno... there's > nothing in the application that manually writes anything to a cookie, so > it could only be Zend or general PHP session related... On Fri, Mar 5, > 2010 at 12:54 PM, Jake McGraw > <[email protected]<mailto:[email protected]>> wrote: > > On Thu, Mar 4, 2010 at 11:39 PM, Hector Virgen <[email protected]<mailto:[email protected]>> wrote: > > Anything in your cookies causing you to stay logged in? > > > > -- > > Hector > > > > On Thu, Mar 4, 2010 at 7:30 PM, Cameron <[email protected]<mailto:[email protected]>> wrote: > >> Hi guys, I'm really not sure where I'm going with this one, it seems > >> like I must be doing something completely wrong, but I'm not really > >> sure where to even start looking. > >> > >> Here's my logout action: > >> > >> public function logoutAction() { > >> > >> Zend_Auth::getInstance()->clearIdentity(); > >> $this->_helper->redirector('/'); > >> > >> } > >> > >> Pretty simple, right? The redirect certainly works, but for some reason, > >> I'm still logged in! I've even tried $_SESSION = ''; to brute force the > >> session to be deleted, but there i am, still logged in. Anyone got any > >> ideas on this one? > > How are you confirming that you're still logged in? Perhaps that's the > issue? > > - jake > > > > > > -- > Bart McLeod > Space Web > Middenlaan 47 > 6865 VN Heveadorp > The Netherlands > t +31(0)26 3392952 > m 06 51 51 89 71 > @ [email protected]<mailto:[email protected]> > www.spaceweb.nl<http://www.spaceweb.nl> > > [cid:[email protected]][cid:[email protected]][ci > d:[email protected]] > > Bart McLeod is a Zend Certified Engineer. > > Click to verify!<http://www.zend.com/zce.php?c=ZEND004591&r=218204904> > > [cid:[email protected]]
