I'm currently working on the login for a Zend Framework application, and I'm using a combination of Zend_Auth and Zend_Session using a database adapter (as described in the Zend Framework manuals).
I've made a resource for the session:
class DC_Resource_DbSession extends Zend_Application_Resource_ResourceAbstract{
public function init(){
}
public function setadapter($value){
$this->dbAdapter = $value;
}
public function setSession($adapter){
//put your code here
$config = array(
'name' => 'sessions',
'primary' => 'id',
'modifiedColumn' => 'modified',
'dataColumn' => 'data',
'lifetimeColumn' => 'lifetime',
'db' => $adapter
);
Zend_Session::setSaveHandler(new Zend_Session_SaveHandler_DbTable($config));
Zend_Session::setOptions(array('name'=>'MY_SESSION_NAME'));
Zend_Session::start();
}
}
Zend Auth then uses the session to store some rudimentary authentication information.
However, when testing the login (from the same IP) if one user in our office logs in and another user goes to the site, they are logged in as the user!!! Can anyone help me figure out why they are using each other's sessions?