In the current Zend_Auth design, authentication tokens are stored in the PHP session by default using Zend_Session. If this behavior is not desired (e.g., a user wishes to store the authentication token elsewhere or using a different approach than Zend_Session), then the user must disable session storage of authentication tokens explicitly by providing {{false}} as the value for the {{useSession}} option. This is a tight coupling to Zend_Session within Zend_Auth.

Authentication token storage is not otherwise addressed by the current design. If we have a storage interface for the authentication tokens, then various storage mechanisms could be developed by users, and some might even make their way into the framework. Zend_Auth could then be storage agnostic, and unit testing may be improved by allowing for creation of mock storage objects. This is a bit of an implementation detail and would not need to be known by many users, but those who would store authentication tokens other than via Zend_Session would certainly benefit from abstracting the storage mechanism.

An example storage interface by [~ralph]:

interface Zend_Auth_Storage_Interface
{
    /**
     * has() - Method for checking if a value exists for supplied key
     *
     * @param string $name
     * @return bool
     */
    public function has($name);
    
    
    /**
     * get() - Method for getting a value for supplied key
     *
     * @param string $name
     * @return mixed
     */
    public function get($name);
    
    
    /**
     * set() - Method for setting a name/value pair
     *
     * @param string $name
     * @param mixed $value
     */
    public function set($name, $value);
    
    
    /**
     * remove() - Method for removing a key from storage
     *
     * @param string $name
     */
    public function remove($name);
    
    
}