ZF-916: Zend_Auth_Storage_Session session storage broken

Issue Type: Bug Created: 2007-02-15T05:36:47.000+0000 Last Updated: 2007-07-05T14:43:49.000+0000 Status: Resolved Fix version(s): - 0.8.0 (21/Feb/07)

Reporter: Philip Iezzi (iezzip) Assignee: Darby Felton (darby) Tags: - Zend_Auth

Related issues: Attachments:


session storage of the authentication identity is broken in current rev 3422.

Mysticav reproduced this issue on fw-general list with the following code:

<pre class="highlight">

PseudoLoginController.php (first request)

$auth->authenticate(new Security_MyAuthAdapter('shahid','*******'));
$session=new Zend_Session_Namespace('Zend_Auth'); // returns Object id #27
$auth->hasIdentity(); // returns true. great !
$token->storage; // returns 'shahid'. great !

Until here, things are perfect. the session has been defined (I guess).
Now, I'm going to another page, expecting to gain access to the global
storage session ...

AnyOtherController.php (second request)

$auth=$this->getInvokeArg('auth'); // returns Object id #9 
$token=new Zend_Session_Namespace('Zend_Auth'); returns Object id #27
$auth->hasIdentity(); // returns false
print $token->storage; // returns nothing;

The session seems to be cleared right after initializing it in Zend_Auth_Storage_Session. Here's my workaround/fix:

<pre class="highlight">
Index: incubator/library/Zend/Auth/Storage/Session.php
--- incubator/library/Zend/Auth/Storage/Session.php     (revision 3422)
+++ incubator/library/Zend/Auth/Storage/Session.php     (working copy)
@@ -83,7 +83,6 @@
         $this->_namespace = $namespace;
         $this->_member    = $member;
         $this->_session   = new Zend_Session_Namespace($this->_namespace);
-        $this->clear();

and in case we want to clear the session, we better do this in the authenticate() method:

<pre class="highlight">
Index: incubator/library/Zend/Auth.php
--- incubator/library/Zend/Auth.php     (revision 3422)
+++ incubator/library/Zend/Auth.php     (working copy)
@@ -118,6 +118,7 @@
         $result = $adapter->authenticate();

         if ($result->isValid()) {
+            $this->getStorage()->clear();

Thanks for fixing!


Posted by Darby Felton (darby) on 2007-02-15T08:14:33.000+0000

I believe this should be fixed with SVN r3428. If not, please feel free to reopen the issue. Thanks for the report!

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.