ZF-916: Zend_Auth_Storage_Session session storage broken

Description

session storage of the authentication identity is broken in current rev 3422.

Mysticav reproduced this issue on fw-general list with the following code:


$auth=Zend_Auth::getInstance();

PseudoLoginController.php (first request)

$auth->authenticate(new Security_MyAuthAdapter('shahid','*******'));
$session=new Zend_Session_Namespace('Zend_Auth'); // returns Object id #27
$auth->hasIdentity(); // returns true. great !
$token->storage; // returns 'shahid'. great !

Until here, things are perfect. the session has been defined (I guess).
Now, I'm going to another page, expecting to gain access to the global
storage session ...

AnyOtherController.php (second request)

$auth=$this->getInvokeArg('auth'); // returns Object id #9 
$token=new Zend_Session_Namespace('Zend_Auth'); returns Object id #27
$auth->hasIdentity(); // returns false
print $token->storage; // returns nothing;

The session seems to be cleared right after initializing it in Zend_Auth_Storage_Session. Here's my workaround/fix:


Index: incubator/library/Zend/Auth/Storage/Session.php
===================================================================
--- incubator/library/Zend/Auth/Storage/Session.php     (revision 3422)
+++ incubator/library/Zend/Auth/Storage/Session.php     (working copy)
@@ -83,7 +83,6 @@
         $this->_namespace = $namespace;
         $this->_member    = $member;
         $this->_session   = new Zend_Session_Namespace($this->_namespace);
-        $this->clear();
     }

and in case we want to clear the session, we better do this in the authenticate() method:


Index: incubator/library/Zend/Auth.php
===================================================================
--- incubator/library/Zend/Auth.php     (revision 3422)
+++ incubator/library/Zend/Auth.php     (working copy)
@@ -118,6 +118,7 @@
         $result = $adapter->authenticate();

         if ($result->isValid()) {
+            $this->getStorage()->clear();
             $this->getStorage()->write($result->getIdentity());
         }

Thanks for fixing!

Comments

I believe this should be fixed with SVN r3428. If not, please feel free to reopen the issue. Thanks for the report!