Hello all,

Another engineer and I are having a bit of a debate on the correct way
to handle how Symfony automatically regenerates the session id when
authenticating and changing credentials. We have to make a
modification to the database whenever a session is regenerated when a
user is logged in. So my initial thought would be to extend the
sfBasicSecurityUser class and have it dispatch a notification so
another part of the system can pick it up whenever credentials are
added/removed.

The other engineer believes we should extend the session storage class
and modify it directly, then pass this to the sfBasicSecurityUser. To
my knowledge, the sfBasicSecurityUser class is meant to be able to
accept any kind of sfStorage class, not specifically the session storage
class even though it's kind of assumed. He thinks we should extend
whichever class we currently want to use, if it's session then extend
that, if later down the road we want to use MySQL then modify the
mySession class and tell it to extend MySQL instead. So instead of
simply modifying what storage is sent to the sfBasicSecurityUser,
you'd have to modify the mySession and change what it extends.

I'm not looking to be right or wrong, I'm interested in what others'
opinions are and whether they have an even better option.
