ZF-8759: Zend_Auth_Storage_Session shouldn't start session on initialization

Description

Currently Zend_Auth::hasIdentity() with default Zend_Auth_Storage_Session starts session even if session obviously doesn't exist (no COOKIE and session id param in request).

It causes session to start on each request, which is something you'd like to avoid in many cases. I propose first to check if Zend_Session::sessionExists() in methods "isEmpty" and "read" of Zend_Auth_Storage_Session and only then actually start the session.

Comments

Hello,

I agree with this improvement, Zend_Auth::hasIdentity() shouldn't start a new session if it doesn't exists. However, I suggest to modify directly the method Zend_Auth::hasIdentity() as below, because the session is created during the instanciation of the Zend_Auth_Storage_Session, in the method Zend_Auth::getStorage().

public function hasIdentity() { if (null !== $this->_storage) { return !$this->getStorage()->isEmpty(); } return false; }

Regards, Emmanuel

I totally agree. It's neccessery with bigger projects. I have project, and there is about 1 million session files, and it's critical for server. And 90% of sessions are empty (only started by Zend_Auth)...