views:

833

answers:

2

My session seems to only be valid in the current window/tab. Also it seems to timeout quickly. Heres how I'm currently attempting to do it:

This is in my login controller:

$adapter = $this->getAuthAdapter($data);
$auth    = Zend_Auth::getInstance();
$result  = $auth->authenticate($adapter);

if (!$result->isValid()) {
    $this->view->err = "Invalid username or password.<br/>Please try again.";
    return $this->render('index'); // re-render the login form
}

Zend_Session::rememberMe(60*60*24*7*4);

And this is in my bootstrap:

Zend_Session::start();

I'm relatively new to some of this stuff, so bear with me! Any help would be greatly appreciated.

A: 

Looking through the source for zend_session, the rememberMe() method calls rememberUntil() which calls the built in php method session_set_cookie_params()

So you may wish to check your php.ini values for session.cookie_lifetime. If it isn't 0, then Zend_Session::rememberMe() would be useless unless the value is less than session.cookie_lifetime. In which case you would want to set it to 0 in either php.ini or in your application using ini_set() as indicated in the first comment on the session.cookie_lifetime man page.

Mark
Hi Mark, sorry for the delayed response. I haven't thought to look here in a few days. cookie_lifetime is in fact set to 0. I have read that rememberMe needs to be called before session_start() so that session_set_cookie_params can set the lifetime. However I've also read that zend_session::start() should go in the bootstrap, where it is called before the login script runs and executes rememberMe(). Any thoughts?
Brian
Give it a shot, stick the rememberMe call right after the session start. It can't hurt setting the timeout there since you aren't actually authenticating yet
Mark
A: 

Here's what was happening. This website was on a server sharing a sessions folder with another website on the server. Even though I increased session lifetime with ini_set, my sessions were still being deleted by the other application.

To solve this I simply set session.save_path to a new folder. Problem solved!

Brian