RE: [fw-general] Zend_Session::start() and remember me
On my local Windows machine output buffering is 4096 but I know Apache on Windows is a bit weird with output anyway in that flush() won't actually flush. I tested on a linux server and it also worked, output buffering was set to "no value" according to phpinfo(). -Original Message- From: Darby Felton [mailto:[EMAIL PROTECTED] Sent: Friday, 7 December 2007 11:24 PM To: Steven Brown Cc: 'Laurent Melmoux'; 'Zend Framework General' Subject: Re: [fw-general] Zend_Session::start() and remember me Maybe you have output buffering enabled? Steven Brown wrote: > Actually I found I could call Zend_Session::rememberMe() after > Zend_Session::start() and it works. > > I call Zend_Session::start() in my bootstrap and Zend_Session::rememberMe() > in my login action. > > I expected it to not work after reading the manual however it seems to work > fine. > > -Original Message- > From: Laurent Melmoux [mailto:[EMAIL PROTECTED] > Sent: Friday, 7 December 2007 1:34 AM > To: Darby Felton > Cc: Zend Framework General > Subject: Re: [fw-general] Zend_Session::start() and remember me > > Darby Felton a écrit : > >> >>> d1. what happens now is the client is sent a cookie named > REMEMBERME=true, >>> e. The next page visit that Zend_Session is started on will see the >>> REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie >>> (for as long as the remember me secionds value). The REMEMBERME cookie >>> is then destroyed as its served its purpose. f. Now you have a session >>> cookie that will end at a specific time in the future, not when the >>> browser closes. >>> >>> I’m going to use this technique to solve my problem >>> >> Yes, Ralph's explanation is fine and correct and does not conflict with >> the crux of my last message - that rememberMe() must be called before >> the session is started. >> > > Yes I totally agree with that. > > I think I don’t explain myself very well :). > > My original question was, how can I keep Zend_Session::start() at the > beginning of my bootstrap and at the same time have my Auth Controller > works with the remember me fiture. > > So now I have an answer, by using Ralph technique, I can set a cookie in > the AuthController to notifies my bootstrap, to call > Zend_Session::remeberMe()in my next page load. > > Actually, I got mixed up with the session remember me and the > authentification remember me. It is 2 things even though the > authentification remember me is tight couple with the session.( may be > Zend_Session::setDuration() would be less confusing ? ) > >> >>> But I'm wondering why it haven’t been implemented this way? Well, I >>> guess that Zend_Session ::rememberMe() is not specific to > authentification. >>> What do you think of a Zend_Auth::setRememberMe() to place in your Auth >>> Controller and a Zend_Auth::rememberMe() in the bootstrap that well >>> check for a specific cookie then proxy to Zend_Session ::rememberMe() ? >>> >>> >>> Darby Felton a écrit : >>> >>>> Hi Laurent, >>>> >>>> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, >>>> it must be called before the session is started to work properly. This >>>> is documented here: >>>> >>>> > http://framework.zend.com/manual/en/zend.session.global_session_management.h > tml#zend.session.global_session_management.rememberme >>>> >>>> Sorry for the long URL. :) >>>> >>>> Best regards, >>>> Darby >>>> >>>> Laurent Melmoux wrote: >>>> >>>> >>>>> Hi all, >>>>> >>>>> Until now I had call Zend_Session::start() at the beginning of > bootstrap >>>>> file, so far so good. >>>>> >>>>> But now, I would like to add a remember me option on my login form, so >>>>> if the authentification succeed and the remember me have been checked I >>>>> call Zend_Session::rememberMe()... But it won’t work because the > session >>>>> is already started! >>>>> >>>>> What do you consider as best practice to deal with this use case? >>>>> Where Zend_Session::start() should be called ? >>>>> >>>>> Regards >>>>> >>>>> >>>>> >>>> >>>> >>> >> > >
Re: [fw-general] Zend_Session::start() and remember me
Maybe you have output buffering enabled? Steven Brown wrote: > Actually I found I could call Zend_Session::rememberMe() after > Zend_Session::start() and it works. > > I call Zend_Session::start() in my bootstrap and Zend_Session::rememberMe() > in my login action. > > I expected it to not work after reading the manual however it seems to work > fine. > > -Original Message- > From: Laurent Melmoux [mailto:[EMAIL PROTECTED] > Sent: Friday, 7 December 2007 1:34 AM > To: Darby Felton > Cc: Zend Framework General > Subject: Re: [fw-general] Zend_Session::start() and remember me > > Darby Felton a écrit : > >> >>> d1. what happens now is the client is sent a cookie named > REMEMBERME=true, >>> e. The next page visit that Zend_Session is started on will see the >>> REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie >>> (for as long as the remember me secionds value). The REMEMBERME cookie >>> is then destroyed as its served its purpose. f. Now you have a session >>> cookie that will end at a specific time in the future, not when the >>> browser closes. >>> >>> I’m going to use this technique to solve my problem >>> >> Yes, Ralph's explanation is fine and correct and does not conflict with >> the crux of my last message - that rememberMe() must be called before >> the session is started. >> > > Yes I totally agree with that. > > I think I don’t explain myself very well :). > > My original question was, how can I keep Zend_Session::start() at the > beginning of my bootstrap and at the same time have my Auth Controller > works with the remember me fiture. > > So now I have an answer, by using Ralph technique, I can set a cookie in > the AuthController to notifies my bootstrap, to call > Zend_Session::remeberMe()in my next page load. > > Actually, I got mixed up with the session remember me and the > authentification remember me. It is 2 things even though the > authentification remember me is tight couple with the session.( may be > Zend_Session::setDuration() would be less confusing ? ) > >> >>> But I'm wondering why it haven’t been implemented this way? Well, I >>> guess that Zend_Session ::rememberMe() is not specific to > authentification. >>> What do you think of a Zend_Auth::setRememberMe() to place in your Auth >>> Controller and a Zend_Auth::rememberMe() in the bootstrap that well >>> check for a specific cookie then proxy to Zend_Session ::rememberMe() ? >>> >>> >>> Darby Felton a écrit : >>> >>>> Hi Laurent, >>>> >>>> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, >>>> it must be called before the session is started to work properly. This >>>> is documented here: >>>> >>>> > http://framework.zend.com/manual/en/zend.session.global_session_management.h > tml#zend.session.global_session_management.rememberme >>>> >>>> Sorry for the long URL. :) >>>> >>>> Best regards, >>>> Darby >>>> >>>> Laurent Melmoux wrote: >>>> >>>> >>>>> Hi all, >>>>> >>>>> Until now I had call Zend_Session::start() at the beginning of > bootstrap >>>>> file, so far so good. >>>>> >>>>> But now, I would like to add a remember me option on my login form, so >>>>> if the authentification succeed and the remember me have been checked I >>>>> call Zend_Session::rememberMe()... But it won’t work because the > session >>>>> is already started! >>>>> >>>>> What do you consider as best practice to deal with this use case? >>>>> Where Zend_Session::start() should be called ? >>>>> >>>>> Regards >>>>> >>>>> >>>>> >>>> >>>> >>> >> > >
Re: [fw-general] Re: *** PROBABLY SPAM *** RE: [fw-general] Zend_Session::start() and remember me
session_set_cookie_params() must be called before session_start() as
session_start() will send the cookie headers;
To demonstrate that behavior, just run this :
:
>
> After login the details are as follows:
>
> array(5) { ["lifetime"]=> int(604800) ["path"]=> string(1) "/"
> ["domain"]=>
> string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) }
>
> After redirect they are as follows:
>
> array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=>
> string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) }
>
> Notice I had to turn off the redirect to get the first result.
>
> Note my remember me line is:
>
> Zend_Session::rememberMe(60 * 60 * 24 * 7); // Remember me for 7 days
>
> This is 604800.
>
> Cheers,
> Steven
>
> -Original Message-----
> From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
> Sent: Friday, 7 December 2007 8:24 PM
> To: Steven Brown
> Cc: 'Darby Felton'; 'Zend Framework General'
> Subject: [fw-general] Re: *** PROBABLY SPAM *** RE: [fw-general]
> Zend_Session::start() and remember me
>
> Do var_dump(session_get_cookie_params()) at the end of your bootstrap
> If you have :
> 'lifetime' => int 1209600 then it is working.
>
> If I call Zend_Session::rememberMe() in my authController I have
> 'lifetime' => int 0 which mean the cookie will die when the browser get
> closed.
>
> Steven Brown a écrit :
> > Yes it definitely works, I login (ticking remember me), close the
> browser,
> > open the browser again and it remembers me.
> >
> > I thought I had to set remember me before starting the session however I
> > found someone else had done the same as I have, and on testing it works.
> >
> > I wonder is the cookie set only when needed, or is the remember me
> cookie
> > set on the next request, which may be caused by my redirect?
> >
> > -Original Message-
> > From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 7 December 2007 5:35 PM
> > To: Steven Brown
> > Cc: 'Darby Felton'; 'Zend Framework General'
> > Subject: Re: [fw-general] Zend_Session::start() and remember me
> >
> > Are you sure it is working? Zend_Session::rememberMe() is calling
> > Zend_Session::rememberUntil() which is calling the php function
> > session_set_cookie_params () (http://php.net/session_set_cookie_params)
> > . This function configures the cookie use by the session. As Darby said
> > it should be called before session_start() to work.
> >
> > Finally here is how I solve this issue:
> >
> > *In my AuthController, after a successful authentification :*
> >
> > // Set a cookie to notify the bootstrap how long the session cookie
> > should last
> > $duration = $this->_form->rememberme ? 1209600 : 0;
> > setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
> >
> > *In my bootstrap:*
> >
> > // Session
> > include 'Zend/Session.php';
> > if(isset($_COOKIE["Zend_Auth_RememberMe"])){
> > Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
> > unset($_COOKIE["Zend_Auth_RememberMe"]);
> > }
> > Zend_Session::start();
> >
> > Regards,
> >
> >
>
>
> --
> Laurent Melmoux - [EMAIL PROTECTED]
> Annecy - France
>
>
>
>
RE: [fw-general] Re: *** PROBABLY SPAM *** RE: [fw-general] Zend_Session::start() and remember me
After login the details are as follows:
array(5) { ["lifetime"]=> int(604800) ["path"]=> string(1) "/" ["domain"]=>
string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) }
After redirect they are as follows:
array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=>
string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) }
Notice I had to turn off the redirect to get the first result.
Note my remember me line is:
Zend_Session::rememberMe(60 * 60 * 24 * 7); // Remember me for 7 days
This is 604800.
Cheers,
Steven
-Original Message-
From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 December 2007 8:24 PM
To: Steven Brown
Cc: 'Darby Felton'; 'Zend Framework General'
Subject: [fw-general] Re: *** PROBABLY SPAM *** RE: [fw-general]
Zend_Session::start() and remember me
Do var_dump(session_get_cookie_params()) at the end of your bootstrap
If you have :
'lifetime' => int 1209600 then it is working.
If I call Zend_Session::rememberMe() in my authController I have
'lifetime' => int 0 which mean the cookie will die when the browser get
closed.
Steven Brown a écrit :
> Yes it definitely works, I login (ticking remember me), close the browser,
> open the browser again and it remembers me.
>
> I thought I had to set remember me before starting the session however I
> found someone else had done the same as I have, and on testing it works.
>
> I wonder is the cookie set only when needed, or is the remember me cookie
> set on the next request, which may be caused by my redirect?
>
> -----Original Message-
> From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
> Sent: Friday, 7 December 2007 5:35 PM
> To: Steven Brown
> Cc: 'Darby Felton'; 'Zend Framework General'
> Subject: Re: [fw-general] Zend_Session::start() and remember me
>
> Are you sure it is working? Zend_Session::rememberMe() is calling
> Zend_Session::rememberUntil() which is calling the php function
> session_set_cookie_params () (http://php.net/session_set_cookie_params)
> . This function configures the cookie use by the session. As Darby said
> it should be called before session_start() to work.
>
> Finally here is how I solve this issue:
>
> *In my AuthController, after a successful authentification :*
>
> // Set a cookie to notify the bootstrap how long the session cookie
> should last
> $duration = $this->_form->rememberme ? 1209600 : 0;
> setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
>
> *In my bootstrap:*
>
> // Session
> include 'Zend/Session.php';
> if(isset($_COOKIE["Zend_Auth_RememberMe"])){
> Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
> unset($_COOKIE["Zend_Auth_RememberMe"]);
> }
> Zend_Session::start();
>
> Regards,
>
>
--
Laurent Melmoux - [EMAIL PROTECTED]
Annecy - France
[fw-general] Re: *** PROBABLY SPAM *** RE: [fw-general] Zend_Session::start() and remember me
Do var_dump(session_get_cookie_params()) at the end of your bootstrap
If you have :
'lifetime' => int 1209600 then it is working.
If I call Zend_Session::rememberMe() in my authController I have
'lifetime' => int 0 which mean the cookie will die when the browser get
closed.
Steven Brown a écrit :
Yes it definitely works, I login (ticking remember me), close the browser,
open the browser again and it remembers me.
I thought I had to set remember me before starting the session however I
found someone else had done the same as I have, and on testing it works.
I wonder is the cookie set only when needed, or is the remember me cookie
set on the next request, which may be caused by my redirect?
-Original Message-
From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 December 2007 5:35 PM
To: Steven Brown
Cc: 'Darby Felton'; 'Zend Framework General'
Subject: Re: [fw-general] Zend_Session::start() and remember me
Are you sure it is working? Zend_Session::rememberMe() is calling
Zend_Session::rememberUntil() which is calling the php function
session_set_cookie_params () (http://php.net/session_set_cookie_params)
. This function configures the cookie use by the session. As Darby said
it should be called before session_start() to work.
Finally here is how I solve this issue:
*In my AuthController, after a successful authentification :*
// Set a cookie to notify the bootstrap how long the session cookie
should last
$duration = $this->_form->rememberme ? 1209600 : 0;
setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
*In my bootstrap:*
// Session
include 'Zend/Session.php';
if(isset($_COOKIE["Zend_Auth_RememberMe"])){
Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
unset($_COOKIE["Zend_Auth_RememberMe"]);
}
Zend_Session::start();
Regards,
--
Laurent Melmoux - [EMAIL PROTECTED]
Annecy - France
RE: [fw-general] Zend_Session::start() and remember me
Yes it definitely works, I login (ticking remember me), close the browser,
open the browser again and it remembers me.
I thought I had to set remember me before starting the session however I
found someone else had done the same as I have, and on testing it works.
I wonder is the cookie set only when needed, or is the remember me cookie
set on the next request, which may be caused by my redirect?
-Original Message-
From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 December 2007 5:35 PM
To: Steven Brown
Cc: 'Darby Felton'; 'Zend Framework General'
Subject: Re: [fw-general] Zend_Session::start() and remember me
Are you sure it is working? Zend_Session::rememberMe() is calling
Zend_Session::rememberUntil() which is calling the php function
session_set_cookie_params () (http://php.net/session_set_cookie_params)
. This function configures the cookie use by the session. As Darby said
it should be called before session_start() to work.
Finally here is how I solve this issue:
*In my AuthController, after a successful authentification :*
// Set a cookie to notify the bootstrap how long the session cookie
should last
$duration = $this->_form->rememberme ? 1209600 : 0;
setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
*In my bootstrap:*
// Session
include 'Zend/Session.php';
if(isset($_COOKIE["Zend_Auth_RememberMe"])){
Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
unset($_COOKIE["Zend_Auth_RememberMe"]);
}
Zend_Session::start();
Regards,
--
Laurent Melmoux - [EMAIL PROTECTED]
Annecy - France
Steven Brown a écrit :
> Actually I found I could call Zend_Session::rememberMe() after
> Zend_Session::start() and it works.
>
> I call Zend_Session::start() in my bootstrap and
Zend_Session::rememberMe()
> in my login action.
>
> I expected it to not work after reading the manual however it seems to
work
> fine.
>
> -Original Message-
> From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
> Sent: Friday, 7 December 2007 1:34 AM
> To: Darby Felton
> Cc: Zend Framework General
> Subject: Re: [fw-general] Zend_Session::start() and remember me
>
> Darby Felton a écrit :
>
>
>>
>>
>>> d1. what happens now is the client is sent a cookie named
>>>
> REMEMBERME=true,
>
>>> e. The next page visit that Zend_Session is started on will see the
>>> REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie
>>> (for as long as the remember me secionds value). The REMEMBERME cookie
>>> is then destroyed as its served its purpose. f. Now you have a session
>>> cookie that will end at a specific time in the future, not when the
>>> browser closes.
>>>
>>> Im going to use this technique to solve my problem
>>>
>>>
>> Yes, Ralph's explanation is fine and correct and does not conflict with
>> the crux of my last message - that rememberMe() must be called before
>> the session is started.
>>
>>
>
> Yes I totally agree with that.
>
> I think I dont explain myself very well :).
>
> My original question was, how can I keep Zend_Session::start() at the
> beginning of my bootstrap and at the same time have my Auth Controller
> works with the remember me fiture.
>
> So now I have an answer, by using Ralph technique, I can set a cookie in
> the AuthController to notifies my bootstrap, to call
> Zend_Session::remeberMe()in my next page load.
>
> Actually, I got mixed up with the session remember me and the
> authentification remember me. It is 2 things even though the
> authentification remember me is tight couple with the session.( may be
> Zend_Session::setDuration() would be less confusing ? )
>
>
>>
>>
>>> But I'm wondering why it havent been implemented this way? Well, I
>>> guess that Zend_Session ::rememberMe() is not specific to
>>>
> authentification.
>
>>> What do you think of a Zend_Auth::setRememberMe() to place in your Auth
>>> Controller and a Zend_Auth::rememberMe() in the bootstrap that well
>>> check for a specific cookie then proxy to Zend_Session ::rememberMe() ?
>>>
>>>
>>> Darby Felton a écrit :
>>>
>>>
>>>> Hi Laurent,
>>>>
>>>> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params().
Thus,
>>>> it must be called before the session is started to work properly. This
>>>> is documented here:
>>>>
>>>>
>>>>
>
http://framework.zend.com/manual/en/zend.session.global_ses
Re: [fw-general] Zend_Session::start() and remember me
Are you sure it is working? Zend_Session::rememberMe() is calling
Zend_Session::rememberUntil() which is calling the php function
session_set_cookie_params () (http://php.net/session_set_cookie_params)
. This function configures the cookie use by the session. As Darby said
it should be called before session_start() to work.
Finally here is how I solve this issue:
*In my AuthController, after a successful authentification :*
// Set a cookie to notify the bootstrap how long the session cookie
should last
$duration = $this->_form->rememberme ? 1209600 : 0;
setcookie("Zend_Auth_RememberMe", $duration, time()+6000, '/');
*In my bootstrap:*
// Session
include 'Zend/Session.php';
if(isset($_COOKIE["Zend_Auth_RememberMe"])){
Zend_Session::rememberUntil($_COOKIE["Zend_Auth_RememberMe"]);
unset($_COOKIE["Zend_Auth_RememberMe"]);
}
Zend_Session::start();
Regards,
--
Laurent Melmoux - [EMAIL PROTECTED]
Annecy - France
Steven Brown a écrit :
Actually I found I could call Zend_Session::rememberMe() after
Zend_Session::start() and it works.
I call Zend_Session::start() in my bootstrap and Zend_Session::rememberMe()
in my login action.
I expected it to not work after reading the manual however it seems to work
fine.
-Original Message-
From: Laurent Melmoux [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 December 2007 1:34 AM
To: Darby Felton
Cc: Zend Framework General
Subject: Re: [fw-general] Zend_Session::start() and remember me
Darby Felton a écrit :
d1. what happens now is the client is sent a cookie named
REMEMBERME=true,
e. The next page visit that Zend_Session is started on will see the
REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie
(for as long as the remember me secionds value). The REMEMBERME cookie
is then destroyed as its served its purpose. f. Now you have a session
cookie that will end at a specific time in the future, not when the
browser closes.
I’m going to use this technique to solve my problem
Yes, Ralph's explanation is fine and correct and does not conflict with
the crux of my last message - that rememberMe() must be called before
the session is started.
Yes I totally agree with that.
I think I don’t explain myself very well :).
My original question was, how can I keep Zend_Session::start() at the
beginning of my bootstrap and at the same time have my Auth Controller
works with the remember me fiture.
So now I have an answer, by using Ralph technique, I can set a cookie in
the AuthController to notifies my bootstrap, to call
Zend_Session::remeberMe()in my next page load.
Actually, I got mixed up with the session remember me and the
authentification remember me. It is 2 things even though the
authentification remember me is tight couple with the session.( may be
Zend_Session::setDuration() would be less confusing ? )
But I'm wondering why it haven’t been implemented this way? Well, I
guess that Zend_Session ::rememberMe() is not specific to
authentification.
What do you think of a Zend_Auth::setRememberMe() to place in your Auth
Controller and a Zend_Auth::rememberMe() in the bootstrap that well
check for a specific cookie then proxy to Zend_Session ::rememberMe() ?
Darby Felton a écrit :
Hi Laurent,
IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus,
it must be called before the session is started to work properly. This
is documented here:
http://framework.zend.com/manual/en/zend.session.global_session_management.h
tml#zend.session.global_session_management.rememberme
Sorry for the long URL. :)
Best regards,
Darby
Laurent Melmoux wrote:
Hi all,
Until now I had call Zend_Session::start() at the beginning of
bootstrap
file, so far so good.
But now, I would like to add a remember me option on my login form, so
if the authentification succeed and the remember me have been checked I
call Zend_Session::rememberMe()... But it won’t work because the
session
is already started!
What do you consider as best practice to deal with this use case?
Where Zend_Session::start() should be called ?
Regards
RE: [fw-general] Zend_Session::start() and remember me
Actually I found I could call Zend_Session::rememberMe() after Zend_Session::start() and it works. I call Zend_Session::start() in my bootstrap and Zend_Session::rememberMe() in my login action. I expected it to not work after reading the manual however it seems to work fine. -Original Message- From: Laurent Melmoux [mailto:[EMAIL PROTECTED] Sent: Friday, 7 December 2007 1:34 AM To: Darby Felton Cc: Zend Framework General Subject: Re: [fw-general] Zend_Session::start() and remember me Darby Felton a écrit : > >> d1. what happens now is the client is sent a cookie named REMEMBERME=true, >> >> e. The next page visit that Zend_Session is started on will see the >> REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie >> (for as long as the remember me secionds value). The REMEMBERME cookie >> is then destroyed as its served its purpose. f. Now you have a session >> cookie that will end at a specific time in the future, not when the >> browser closes. >> >> Im going to use this technique to solve my problem >> > > Yes, Ralph's explanation is fine and correct and does not conflict with > the crux of my last message - that rememberMe() must be called before > the session is started. > Yes I totally agree with that. I think I dont explain myself very well :). My original question was, how can I keep Zend_Session::start() at the beginning of my bootstrap and at the same time have my Auth Controller works with the remember me fiture. So now I have an answer, by using Ralph technique, I can set a cookie in the AuthController to notifies my bootstrap, to call Zend_Session::remeberMe()in my next page load. Actually, I got mixed up with the session remember me and the authentification remember me. It is 2 things even though the authentification remember me is tight couple with the session.( may be Zend_Session::setDuration() would be less confusing ? ) > >> But I'm wondering why it havent been implemented this way? Well, I >> guess that Zend_Session ::rememberMe() is not specific to authentification. >> What do you think of a Zend_Auth::setRememberMe() to place in your Auth >> Controller and a Zend_Auth::rememberMe() in the bootstrap that well >> check for a specific cookie then proxy to Zend_Session ::rememberMe() ? >> >> >> Darby Felton a écrit : >> >>> Hi Laurent, >>> >>> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, >>> it must be called before the session is started to work properly. This >>> is documented here: >>> >>> http://framework.zend.com/manual/en/zend.session.global_session_management.h tml#zend.session.global_session_management.rememberme >>> >>> >>> Sorry for the long URL. :) >>> >>> Best regards, >>> Darby >>> >>> Laurent Melmoux wrote: >>> >>> >>>> Hi all, >>>> >>>> Until now I had call Zend_Session::start() at the beginning of bootstrap >>>> file, so far so good. >>>> >>>> But now, I would like to add a remember me option on my login form, so >>>> if the authentification succeed and the remember me have been checked I >>>> call Zend_Session::rememberMe()... But it wont work because the session >>>> is already started! >>>> >>>> What do you consider as best practice to deal with this use case? >>>> Where Zend_Session::start() should be called ? >>>> >>>> Regards >>>> >>>> >>>> >>> >>> >> > > -- Laurent Melmoux - [EMAIL PROTECTED] Annecy - France Tél : 09 50 74 38 01 Portable : 06 71 09 52 26
Re: [fw-general] Zend_Session::start() and remember me
Darby Felton a écrit : d1. what happens now is the client is sent a cookie named REMEMBERME=true, e. The next page visit that Zend_Session is started on will see the REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie (for as long as the remember me secionds value). The REMEMBERME cookie is then destroyed as its served its purpose. f. Now you have a session cookie that will end at a specific time in the future, not when the browser closes. I’m going to use this technique to solve my problem Yes, Ralph's explanation is fine and correct and does not conflict with the crux of my last message - that rememberMe() must be called before the session is started. Yes I totally agree with that. I think I don’t explain myself very well :). My original question was, how can I keep Zend_Session::start() at the beginning of my bootstrap and at the same time have my Auth Controller works with the remember me fiture. So now I have an answer, by using Ralph technique, I can set a cookie in the AuthController to notifies my bootstrap, to call Zend_Session::remeberMe()in my next page load. Actually, I got mixed up with the session remember me and the authentification remember me. It is 2 things even though the authentification remember me is tight couple with the session.( may be Zend_Session::setDuration() would be less confusing ? ) But I'm wondering why it haven’t been implemented this way? Well, I guess that Zend_Session ::rememberMe() is not specific to authentification. What do you think of a Zend_Auth::setRememberMe() to place in your Auth Controller and a Zend_Auth::rememberMe() in the bootstrap that well check for a specific cookie then proxy to Zend_Session ::rememberMe() ? Darby Felton a écrit : Hi Laurent, IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, it must be called before the session is started to work properly. This is documented here: http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme Sorry for the long URL. :) Best regards, Darby Laurent Melmoux wrote: Hi all, Until now I had call Zend_Session::start() at the beginning of bootstrap file, so far so good. But now, I would like to add a remember me option on my login form, so if the authentification succeed and the remember me have been checked I call Zend_Session::rememberMe()... But it won’t work because the session is already started! What do you consider as best practice to deal with this use case? Where Zend_Session::start() should be called ? Regards -- Laurent Melmoux - [EMAIL PROTECTED] Annecy - France Tél : 09 50 74 38 01 Portable : 06 71 09 52 26
Re: [fw-general] Zend_Session::start() and remember me
Laurent Melmoux wrote: > Hi Darby, > > > I found this quote of Ralph in the archive : > > a. You start a session.. > b. Do stuff.. > c. Go to login page, complete and click remember me.. > > d. Now, your controller/script detects the posted rememberme, and then > issues a Zend_Session_Core::rememberMe(); Note that c+d is a different request than the request for a+b. > d1. what happens now is the client is sent a cookie named REMEMBERME=true, > > e. The next page visit that Zend_Session is started on will see the > REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie > (for as long as the remember me secionds value). The REMEMBERME cookie > is then destroyed as its served its purpose. f. Now you have a session > cookie that will end at a specific time in the future, not when the > browser closes. > > I’m going to use this technique to solve my problem Yes, Ralph's explanation is fine and correct and does not conflict with the crux of my last message - that rememberMe() must be called before the session is started. > But I'm wondering why it haven’t been implemented this way? Well, I > guess that Zend_Session ::rememberMe() is not specific to authentification. > What do you think of a Zend_Auth::setRememberMe() to place in your Auth > Controller and a Zend_Auth::rememberMe() in the bootstrap that well > check for a specific cookie then proxy to Zend_Session ::rememberMe() ? > > > Darby Felton a écrit : >> Hi Laurent, >> >> IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, >> it must be called before the session is started to work properly. This >> is documented here: >> >> http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme >> >> >> Sorry for the long URL. :) >> >> Best regards, >> Darby >> >> Laurent Melmoux wrote: >> >>> Hi all, >>> >>> Until now I had call Zend_Session::start() at the beginning of bootstrap >>> file, so far so good. >>> >>> But now, I would like to add a remember me option on my login form, so >>> if the authentification succeed and the remember me have been checked I >>> call Zend_Session::rememberMe()... But it won’t work because the session >>> is already started! >>> >>> What do you consider as best practice to deal with this use case? >>> Where Zend_Session::start() should be called ? >>> >>> Regards >>> >>> >> >> > >
Re: [fw-general] Zend_Session::start() and remember me
Hi Darby, I found this quote of Ralph in the archive : a. You start a session.. b. Do stuff.. c. Go to login page, complete and click remember me.. d. Now, your controller/script detects the posted rememberme, and then issues a Zend_Session_Core::rememberMe(); d1. what happens now is the client is sent a cookie named REMEMBERME=true, e. The next page visit that Zend_Session is started on will see the REMEMBERME cookie, then change the SESSION COOKIE to a persistent cookie (for as long as the remember me secionds value). The REMEMBERME cookie is then destroyed as its served its purpose. f. Now you have a session cookie that will end at a specific time in the future, not when the browser closes. I’m going to use this technique to solve my problem But I'm wondering why it haven’t been implemented this way? Well, I guess that Zend_Session ::rememberMe() is not specific to authentification. What do you think of a Zend_Auth::setRememberMe() to place in your Auth Controller and a Zend_Auth::rememberMe() in the bootstrap that well check for a specific cookie then proxy to Zend_Session ::rememberMe() ? Darby Felton a écrit : Hi Laurent, IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, it must be called before the session is started to work properly. This is documented here: http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme Sorry for the long URL. :) Best regards, Darby Laurent Melmoux wrote: Hi all, Until now I had call Zend_Session::start() at the beginning of bootstrap file, so far so good. But now, I would like to add a remember me option on my login form, so if the authentification succeed and the remember me have been checked I call Zend_Session::rememberMe()... But it won’t work because the session is already started! What do you consider as best practice to deal with this use case? Where Zend_Session::start() should be called ? Regards -- Laurent Melmoux - [EMAIL PROTECTED] Annecy - France
Re: [fw-general] Zend_Session::start() and remember me
Hi Laurent, IIRC, Zend_Session::rememberMe() uses session_set_cookie_params(). Thus, it must be called before the session is started to work properly. This is documented here: http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme Sorry for the long URL. :) Best regards, Darby Laurent Melmoux wrote: > Hi all, > > Until now I had call Zend_Session::start() at the beginning of bootstrap > file, so far so good. > > But now, I would like to add a remember me option on my login form, so > if the authentification succeed and the remember me have been checked I > call Zend_Session::rememberMe()... But it won’t work because the session > is already started! > > What do you consider as best practice to deal with this use case? > Where Zend_Session::start() should be called ? > > Regards >
