tags:

views:

833

answers:

2
+2  Q: 

Zend Framework rememberMe() doesnt seem to remember me

My session seems to only be valid in the current window/tab. Also it seems to timeout quickly. Heres how I'm currently attempting to do it:

This is in my login controller:

$adapter = $this->getAuthAdapter($data);
$auth    = Zend_Auth::getInstance();
$result  = $auth->authenticate($adapter);

if (!$result->isValid()) {
    $this->view->err = "Invalid username or password.<br/>Please try again.";
    return $this->render('index'); // re-render the login form
}

Zend_Session::rememberMe(60*60*24*7*4);

And this is in my bootstrap:

Zend_Session::start();

I'm relatively new to some of this stuff, so bear with me! Any help would be greatly appreciated.

A: 

Looking through the source for zend_session, the rememberMe() method calls rememberUntil() which calls the built in php method session_set_cookie_params()

So you may wish to check your php.ini values for session.cookie_lifetime. If it isn't 0, then Zend_Session::rememberMe() would be useless unless the value is less than session.cookie_lifetime. In which case you would want to set it to 0 in either php.ini or in your application using ini_set() as indicated in the first comment on the session.cookie_lifetime man page.

Mark  2009-10-17 15:38:53
Hi Mark, sorry for the delayed response. I haven't thought to look here in a few days. cookie_lifetime is in fact set to 0. I have read that rememberMe needs to be called before session_start() so that session_set_cookie_params can set the lifetime. However I've also read that zend_session::start() should go in the bootstrap, where it is called before the login script runs and executes rememberMe(). Any thoughts?
Brian  2009-10-27 19:58:15
Give it a shot, stick the rememberMe call right after the session start. It can't hurt setting the timeout there since you aren't actually authenticating yet
Mark  2009-10-30 13:37:36
A: 

Here's what was happening. This website was on a server sharing a sessions folder with another website on the server. Even though I increased session lifetime with ini_set, my sessions were still being deleted by the other application.

To solve this I simply set session.save_path to a new folder. Problem solved!

Brian  2009-11-06 15:36:21

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication