ZF-8759: Zend_Auth_Storage_Session shouldn't start session on initialization

Issue Type: Performance Improvement Created: 2010-01-09T07:03:56.000+0000 Last Updated: 2012-11-06T19:38:04.000+0000 Status: Open Fix version(s): Reporter: Vladimir Razuvaev (vladar) Assignee: Ralph Schindler (ralph) Tags: - Zend_Auth

  • FixForZF1.12
  • NeedsPatch

Related issues: Attachments:


Currently Zend_Auth::hasIdentity() with default Zend_Auth_Storage_Session starts session even if session obviously doesn't exist (no COOKIE and session id param in request).

It causes session to start on each request, which is something you'd like to avoid in many cases. I propose first to check if Zend_Session::sessionExists() in methods "isEmpty" and "read" of Zend_Auth_Storage_Session and only then actually start the session.


Posted by Emmanuel Bouton (goten4) on 2012-04-03T15:06:24.000+0000


I agree with this improvement, Zend_Auth::hasIdentity() shouldn't start a new session if it doesn't exists. However, I suggest to modify directly the method Zend_Auth::hasIdentity() as below, because the session is created during the instanciation of the Zend_Auth_Storage_Session, in the method Zend_Auth::getStorage().

public function hasIdentity() { if (null !== $this->_storage) { return !$this->getStorage()->isEmpty(); } return false; }

Regards, Emmanuel

Posted by Jiří Nápravník (jirin_cz) on 2012-06-04T15:38:30.000+0000

I totally agree. It's neccessery with bigger projects. I have project, and there is about 1 million session files, and it's critical for server. And 90% of sessions are empty (only started by Zend_Auth)...

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.