Question

I have a problem with my Zend_Auth function.

I have a web app that prompts a user with a login box when the key in the Zend_Auth session times out. When the user logs in with the correct credentials, the key in the session is reset back to true. However, when the user enters the wrong credentials, all the keys in the session get wiped and the session is no longer valid?

I am wondering if the Zend_Auth::getInstance() function is wiping it to start afresh?

Any ideas?

    protected function _process($values)
    {
        // grab data from config
        $iniTime = Zend_Registry::get('config')->inactive->session;
        $expireTime = $iniTime->timeout;
        $realIP = new Application_Model_RealIP();
        // Get our authentication adapter and check credentials
        $adapter = $this->_getAuthAdapter();
        $adapter->setIdentity($values['email']);
        //$pwEncode->encode_password($values['password'])
        $adapter->setCredential($values['password']);
        $auth = Zend_Auth::getInstance();
        $result = $auth->authenticate($adapter);
        if ($result->isValid()) {
            $user = $adapter->getResultRowObject();
            $user->session_IP = $realIP->getRealIpAddr();
            $auth->getStorage()->write($user);
            //check whether the client is authenticated
            $session = new Zend_Session_Namespace('new_session');
            // Set "dummy" key with expiration
            $session->key = true;
            $session->setExpirationSeconds($expireTime, 'key');
            return true;
        }
        return false;
    }

Link to the auth function that calls the _process method link


Solution

From what I can tell you need to _forward() (preserves the request) or _redirect() (new request) back to the login, either as a result of a failed authenticate() in _process() or somewhere between line 60 and 100 in authAction().

From what I've been reading it seems as though a failed login is logged and the db is updated but then ... nothing. No redirect, no forward, just a header set to 500 and a message generated.

Hope this helps. I hope I didn't miss it completely.
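
An added example, not part of the original question or answer: in Zend Framework 1, Zend_Auth::authenticate() clears any identity already in storage whether or not the new result is valid, so a failed attempt made through it drops the logged-in identity. The sketch below checks the credentials on the adapter directly and only touches the session on success. The function name, the 'password' column name and the `$realIp` parameter are assumptions for illustration; the caller is expected to _redirect() or _forward() back to the login prompt when it returns false.

```php
<?php
// Added example (not the asker's code). Assumes Zend Framework 1 is on the
// include path. The function name, the 'password' column name and the way
// the client IP is passed in are hypothetical.
function reauthenticate(
    Zend_Auth_Adapter_DbTable $adapter,
    array $values,
    $realIp,
    $expireTime
) {
    $adapter->setIdentity($values['email']);
    $adapter->setCredential($values['password']);

    // Ask the adapter directly instead of Zend_Auth::authenticate(), which
    // calls clearIdentity() on an existing identity even when the new
    // attempt fails.
    $result = $adapter->authenticate();

    if (!$result->isValid()) {
        // Stored identity and session namespaces are left untouched.
        // The caller redirects or forwards back to the login prompt.
        return false;
    }

    // Omit the credential column so the password hash is not copied
    // into session storage.
    $user = $adapter->getResultRowObject(null, 'password');
    $user->session_IP = $realIp;

    // New session id on every successful login (session fixation defence).
    Zend_Session::regenerateId();
    Zend_Auth::getInstance()->getStorage()->write($user);

    // Re-arm the inactivity key, as in the original _process().
    $session = new Zend_Session_Namespace('new_session');
    $session->key = true;
    $session->setExpirationSeconds($expireTime, 'key');

    return true;
}
```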

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow