I'm working on my first user login in Zend, but I'm a little confused with Zend_Auth. All the articles I read about it use it directly in the controller. But to me, it makes more sense, to work with it in my User model, so that every controller can call these functions.
What do you guys think?
There's really very little documentation about models for the Zend Framework.
You can very much put the authentication logic into your User Class.
Have a look at Matthew Weier O'Phinney's blog post about Model Infrastructure, where he is showing how to add the authenticate method required by Zend_Auth_Adapter_Interface to a custom user class.
Zend_Auth::getInstance() will return the instance so you can use it in any controller where you need it , make shure to save the data on successfull login so you shouldn't need a model for authenticate or testing if a user is authenticated . ( having auth in you're model would load unnecesary model clases in memory at times when you whont need them ... , the test if a user is authenticated should be placed at bootstrap )
Edit to reply you're question
make a single controller witch will have actions for authentification and loggout , that way you keep everithing separate , you can call the loggout function with a simple link on you're page and redirect back after logging out to $_SERVER['HTTP_REFERER']; so the user ends up back to the page he was viewing when he clicked loggout .
In the normal web app "model-view-controller" paradigm (which can be argued about to no end), the view/controller section should contain code which pertains to the user's individual experience. The model should be only for interacting with your data; it should contain methods for transforming that data, storing it, and retrieving it, and members to contain it. Everything which pertains to business logic, authentication, and other session-specific information should be kept out of the "model."
