Zend Framework

remember_me_seconds in ini file does not change cookie lifetime

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Minor
  • Resolution: Not an Issue
  • Affects Version/s: 1.5.1
  • Fix Version/s: 1.8.2
  • Component/s: Zend_Session
  • Labels:
    None
  • Fix Version Priority:
    Should Have

Description

When loading Zend_Session options via an ini file using the Zend_Session::setOptions() function, the remember_me_seconds setting in the ini file does not change the cookie lifetime. Cookie lifetime does change if the programmer calls Zend_Session::rememberMe().

Zend_Session::rememberMe() internally calls Zend_Session::rememberUntil() to set the cookie lifetime. However, Zend_Session::setOptions() does not call rememberUntil() on the remember_me_seconds option and so the cookie lifetime does not get set.

This can be mitigated by using Zend_Session::rememberMe() for this one option.

Activity

Wil Sinclair added a comment -

Please evaluate and fix/categorize as necessary.

Ralph Schindler added a comment -

Actually, this is the desired behavior. The goal of the rememberMe feature is to be able to modify the cookie_lifetime of an already started session, without destroying the existing session.

So by setting the value of remember_me_seconds via an ini value, you are saying that when you call rememberMe(), it will use the value provided by the ini setting.

To be able to change the cookie lifetime for all sessions from when they first start, use the cookie_lifetime setting:

Zend_Session::setOptions(array('cookie_lifetime' => $someLongValue));

In summary the options are:
cookie_lifetime - initial lifetime for all sessions
remember_me_seconds - the value to change the lifetime of a cookie to if this feature is opted into (thus, the application called Zend_Session::rememberMe())

Presumably, by the time you get a screen to present the user with the rememberMe() feature, they have already started the default session in your application.

Make sense?
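
The split between the two options described in the comment above, shown as an added example that is not part of the original issue or of the Zend Framework code base. It assumes Zend Framework 1.x is on the include path; the ini values and the onLoginSuccess() handler are hypothetical.

```php
<?php
// Added example; assumes Zend Framework 1.x is available on the include_path.
require_once 'Zend/Config/Ini.php';
require_once 'Zend/Session.php';

// Constructed ini content, written to a temp file so the example is self-contained.
$ini = <<<INI
[production]
; Lifetime of the session cookie for every session from its first start.
; 0 means the cookie lasts until the browser is closed.
cookie_lifetime     = 0
; Lifetime applied only when the application calls Zend_Session::rememberMe().
remember_me_seconds = 1209600
cookie_httponly     = 1
INI;

$iniFile = tempnam(sys_get_temp_dir(), 'zsess');
file_put_contents($iniFile, $ini);

$config = new Zend_Config_Ini($iniFile, 'production');
unlink($iniFile);

// setOptions() only records remember_me_seconds; it does not touch the
// cookie lifetime. The cookie sent by start() uses cookie_lifetime.
Zend_Session::setOptions($config->toArray());
Zend_Session::start();

/**
 * Hypothetical login handler: extend the cookie lifetime only for users
 * who ticked a "remember me" box, and keep everyone else on a
 * browser-session cookie.
 *
 * @param bool $rememberRequested value of the (assumed) login form checkbox
 */
function onLoginSuccess($rememberRequested)
{
    if ($rememberRequested) {
        // No argument: falls back to remember_me_seconds from the ini file.
        Zend_Session::rememberMe();
    } else {
        // Resets the cookie lifetime to 0 (expires when the browser closes).
        Zend_Session::forgetMe();
    }
}
```

Keeping cookie_lifetime short (or 0) and relying on remember_me_seconds for opted-in users limits how long a session cookie stays valid on shared or unattended machines.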

