3

I use Zend_Auth to authenticate users and then store their details in the default Zend_Auth session. This means that when a user edits his details, these changes won't be reflected in the application until he re-authenticates.

I want to avoid this problem like so:

  1. When the user logs in we only store his user ID in a Zend_Auth session
  2. On each request we fetch the user's details from the database in a preDispatch() hook, using the user ID which was stored upon login in the Zend_Auth session:

    class Plugin_Auth extends Zend_Controller_Plugin_Abstract
    {
    
        public function preDispatch(Zend_Controller_Request_Abstract $request)
        {
            // Zend_Auth is a singleton; fetch the shared instance
            $auth = Zend_Auth::getInstance();

            if ($auth->hasIdentity())
            {
                $id = $auth->getIdentity()->id;
    
                $userModel = new Model_User();
    
                $user = $userModel->fetchOne($id);
    
                // Where do I store this user object ???
            }
    
        }
    }
    
  3. The problem is: where do I store this User object? I think we shouldn't use sessions for this, since the goal of sessions is to persist data. There's no need for persistence though, since we re-fetch the data from the database on each request. Only the user ID must be persistent. Would storing the User object in Zend_Registry be an option here?

Freek Vanraes
  • Would it not be appropriate to make reauthentication a part of changing a user's profile? After all, you need to make sure the user is actually the user. What a great time to reauthenticate and update the storage. – RockyFord Nov 29 '12 at 08:02

3 Answers

1

I think an example would be the best way to explain how to write new auth details to the Zend_Auth storage object:

    $userDetails = array('foo' => 'bar');
    $storage = new Zend_Auth_Storage_Session();
    // set storage for Zend_Auth
    Zend_Auth::getInstance()->setStorage($storage);
    // write data to the storage
    Zend_Auth::getInstance()->getStorage()->write($userDetails);
    // read data from storage
    var_dump(Zend_Auth::getInstance()->getStorage()->read());
    // edit user's data
    $userDetails = array('foo' => 'bar', 'foo', 'bar');
    // write new data to storage
    Zend_Auth::getInstance()->getStorage()->write($userDetails);
    // read newly written data from storage
    var_dump(Zend_Auth::getInstance()->getStorage()->read());

I think this explains how to set Zend_Auth storage, and change it later.

Bartosz Grzybowski
  • You just described how to add data to the default `Zend_Auth` session storage mechanism. I already know how to do that. By storing all user details in a session, changes to these details will only be reflected when the user re-authenticates. – Freek Vanraes Nov 28 '12 at 23:30
  • You've edited the question. Anyhow, why won't you store the user object in the session (it can be an array) and only rewrite it when the user edits his details, without fetching the user's data on each request? If this option doesn't suit you, you can always have a method in your User_Model named "getCurrentUser" with a static field $user, and always get the user's data from this method, where the query will be done once. – Bartosz Grzybowski Nov 29 '12 at 12:37
0

Use Zend_Session_Namespace to store the object. It can be as temporary or permanent as you wish to make it.

Zend_Auth already uses this in the background as its default storage mechanism, using the namespace of Zend_Auth.

    class Plugin_Auth extends Zend_Controller_Plugin_Abstract
    {
        public function preDispatch(Zend_Controller_Request_Abstract $request)
        {
            // Zend_Auth is a singleton; fetch the shared instance
            $auth = Zend_Auth::getInstance();
            $session = new Zend_Session_Namespace('user'); // instantiate session namespace
            if ($auth->hasIdentity())
            {
                $id = $auth->getIdentity()->id;

                $userModel = new Model_User();

                $user = $userModel->fetchOne($id);

                $session->user = $user; // store the object; it can be recalled anywhere
            }
        }
    }

Of course Zend_Registry will work as well and as always the choice is yours. You may even find it appropriate to build this functionality into your auth adapter.

RockyFord
0

I believe using Zend_Registry is fine in your case.

Max Chernopolsky
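
Added example, not code from the question or from any answer above: a `preDispatch()` plugin that treats only the ID in the Zend_Auth session as persistent, re-reads the user on every request into `Zend_Registry`, and clears the identity when the account no longer exists. The class name `Plugin_CurrentUser`, the registry key, and the assumption that the question's `Model_User::fetchOne()` returns `null` for a missing row are hypothetical.

```php
<?php
// Added example. Assumes Zend Framework 1 autoloading and the question's
// Model_User::fetchOne($id), taken here to return null when no row matches.
class Plugin_CurrentUser extends Zend_Controller_Plugin_Abstract
{
    const REGISTRY_KEY = 'currentUser'; // hypothetical key name

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return; // anonymous request: nothing to load
        }

        // Only the ID is taken from the session; everything else is re-read.
        $id = (int) $auth->getIdentity()->id;

        $userModel = new Model_User();
        $user = $userModel->fetchOne($id);

        if ($user === null) {
            // The account was removed after login: end the session now
            // instead of continuing to serve a stale identity.
            $auth->clearIdentity();
            return;
        }

        // Zend_Registry lives only for the current request, so no copy of
        // the user's details survives into the next one.
        Zend_Registry::set(self::REGISTRY_KEY, $user);
    }

    /** Returns the user loaded for this request, or null if anonymous. */
    public static function getCurrentUser()
    {
        return Zend_Registry::isRegistered(self::REGISTRY_KEY)
            ? Zend_Registry::get(self::REGISTRY_KEY)
            : null;
    }
}
```

Register it once in the bootstrap with `Zend_Controller_Front::getInstance()->registerPlugin(new Plugin_CurrentUser());`. Because details are read from the database on each request, profile edits and account removals take effect on the next request without re-authentication.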