My guess is that it will only help if you allow the request to complete within your application logic. That is why I suggest a _forward instead of a _redirect, but even that was a guess. I didn't yet try if a _redirect would break my application too.
But now I have verified it, and it works equally well with a redirect as with a _forward. Even if I redirect to a completely different website.

Anyway, clearIdentity should be enough within normal application flow.

It may go wrong if you login someone automatically based on session data outside the reach of Zend_Auth. If you logout and then get logged in automatically based on derived session data, not encapsulated within Zend_Auth, then you are doing something wrong.

clearIdentity() does the job. If it doesn't, something got out of control somewhere.

I think you should be looking at how identity checking is done. Is it actually being performed for each access to your application?

Regards,

Bart McLeod

On 5-3-2010 14:21, Gina-Marie Rollock wrote:

I have the following in my logout action:

    Zend_Session::destroy(true);

after I clear my identity. Will that help?

From: Bart McLeod [mailto:[email protected]]
Sent: Friday, March 05, 2010 4:06 AM
To: Cameron
Cc: Jake McGraw; Hector Virgen; Zend Framework - General
Subject: Re: [fw-general] Zend_Auth::getInstance()->clearIdentity() doesn't seem to log me out?

 

Hi Cameron,

Just some ideas. I assume you are using latest from trunk.

If I try in my system to logout, I can logout. So nothing is wrong with the framework I think. So we are looking at a problem in your logic somewhere.

The first thing I thought was there could be something with redirecting the way you do. Maybe you should be forwarding to your default action instead, so that the clearance of the identity can take effect before you redirect.

I do this in my logout action:
    public function logoutAction()
    {
        Globals::logout();
        $this->_forward('index');
    }

You can see that I do not redirect, but I forward. In this case to the default action of the login controller.

Globals does the following:
    public static function logout()
    {
        $auth = Zend_Auth::getInstance();
        Zend_Registry::get('log')->info('Trying to clear identity');
        $auth->clearIdentity();
    }

Since there is not much of a difference with your code, I think it must be the redirect.

If that is not the issue, then I start to think of caching. Do you return cached content before you check the identity? In that case, logging out won't help once pages are cached. Just a thought.

Regards,

Bart McLeod




Cameron wrote:

I'm logged in because I can still access the entire application, something I can't do until I'm authorized. As for cookies, I dunno... there's nothing in the application that manually writes anything to a cookie, so it could only be Zend or general PHP session related...

On Fri, Mar 5, 2010 at 12:54 PM, Jake McGraw <[email protected]> wrote:

On Thu, Mar 4, 2010 at 11:39 PM, Hector Virgen <[email protected]> wrote:
> Anything in your cookies causing you to stay logged in?
>
> --
> Hector
>
>
> On Thu, Mar 4, 2010 at 7:30 PM, Cameron <[email protected]> wrote:
>>
>> Hi guys, I'm really not sure where I'm going with this one, it seems like
>> I must be doing something completely wrong, but I'm not really sure where to
>> even start looking.
>>
>> Here's my logout action:
>>
>> public function logoutAction() {
>>         Zend_Auth::getInstance()->clearIdentity();
>>         $this->_helper->redirector('/');
>> }
>>
>> Pretty simple, right? The redirect certainly works, but for some reason,
>> I'm still logged in! I've even tried $_SESSION = ''; to brute force the
>> session to be deleted, but there I am, still logged in. Anyone got any ideas
>> on this one?

How are you confirming that you're still logged in? Perhaps that's the issue?

- jake

--

Bart McLeod
Space Web
Middenlaan 47
6865 VN Heveadorp
The Netherlands
t +31(0)26 3392952
m 06 51 51 89 71
@ [email protected]
www.spaceweb.nl


Bart McLeod is a Zend Certified Engineer.
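
A logout plus a per-request identity check of the kind discussed in this thread, as an added example for Zend Framework 1 that is not code from any of the posters. The class name Example_Plugin_RequireIdentity, the public `login` controller and the bootstrap placement are assumptions.

```php
<?php
// Added example; class, controller and action names are assumptions.

// Runs before every dispatched action, so the identity is checked on each
// access and before any action can return content.
class Example_Plugin_RequireIdentity extends Zend_Controller_Plugin_Abstract
{
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Assumption: the login controller is the only public controller.
        if ($request->getControllerName() === 'login') {
            return;
        }
        // Decide from Zend_Auth only, never from other session keys.
        if (!Zend_Auth::getInstance()->hasIdentity()) {
            // Dispatch the login form instead of the requested action.
            $request->setControllerName('login')
                    ->setActionName('index');
        }
    }
}

class LoginController extends Zend_Controller_Action
{
    public function indexAction()
    {
        // Login form would be rendered here.
    }

    public function logoutAction()
    {
        // Remove the identity from Zend_Auth's storage.
        Zend_Auth::getInstance()->clearIdentity();
        // Drop all remaining session data and expire the session cookie,
        // so nothing is left from which a login could be derived.
        Zend_Session::destroy(true);
        // Ask browsers and proxies not to keep a copy of this response.
        $this->getResponse()->setHeader('Cache-Control', 'no-store', true);
        $this->_helper->redirector('index', 'login');
    }
}

// In the bootstrap (assumption: a standard front controller setup):
Zend_Controller_Front::getInstance()
    ->registerPlugin(new Example_Plugin_RequireIdentity());
```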
