2

Experts,

I just found a weird behavior of Zend_Auth whereby it's not able to store session in the server. This happens just suddenly to all of my existing applications that use Zend_Auth for authentication purpose, so I'm sure it's not a problem with the codes. Basically, whenever the user is successfully authenticated (his user object is stored into the session) and after redirect to the landing page, the user object is always NULL.

I use Zend_Auth::getInstance()->getIdentity() to retrieve the user object from the session and it's always NULL. This weird behavior only happens in the live server and everything works just fine in my machine and staging server. I just want to make sure that it's just the server trying to be funny here coz I've been checking around the codes and still remain clueless. It's a shared server and I don't have much access.

Here is my code:

// setup Zend_Auth adapter for a database table
Zend_Loader::loadClass('Zend_Auth_Adapter_DbTable');
$db = Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'Users', 'Email', 'Password', 'MD5(?) AND Active=1');
$authAdapter->setIdentity($email)
             ->setCredential($password);

// do the authentication
$auth = Zend_Auth::getInstance();
$result = $authAdapter->authenticate();

if ($result->isValid()) {
     // success : store database row to auth's storage system
     // (not the password though!)
     $userData = array('UID','Email','Username','FirstName','LastName','Email','School');
     $data = $authAdapter->getResultRowObject($userData, 'Password');
     $auth->getStorage()->write($data);

     $userData = get_object_vars($auth->getIdentity());
     if (!empty($userData)) {
         // redirect here
     } else {
         // show invalid
     }
} else {
         // show invalid
}
ronanray
  • 577
  • 3
  • 12
  • 24
  • How are session Ids stored? Have you recently disabled cookies? Before assuming a server problem, does this happen from other browsers/PCs? – Basic Apr 26 '11 at 03:01
  • Yes, this happens for everyone and from anywhere. I'm not using cookies and as you can see the data is written to the session by calling this method $auth->getStorage()->write($data); – ronanray Apr 26 '11 at 03:59
  • In that case, i agree it sound like a server issue. What I meant with regards to Ids is: The first time you access the server, something is stored in the session server-side and the client is given a unique Id aka session id. he second time you connect to the sever, the client sends the session Id along with the request and the server uses that to look up the session variables i has previously stored. Check that your clients are being sent session Ids (usually as cookies) – Basic Apr 26 '11 at 10:06
  • @Basiclife - I can confirm this is a server issue. I called the hosting provider yesterday and they managed to clear up the session storage in the server. Thanks for the suggestion. – ronanray Apr 29 '11 at 05:11

1 Answers1

3

It sounds like the /tmp folder on your server is full meaning that if you're using file-based sessions, the session will always be empty. See if you can confirm it.

This snippet will tell you how full the disks are in the machine:

echo `df -h`."\n";

This snippet will confirm if you're using files and where they are stored.

echo ini_get('session.save_handler')."\n";
echo ini_get('session.save_path')."\n";

If the second ini_get has 'no value', then it'll default to /tmp

If the save path is within your home folder, then you can clear that out yourself, but if the save path is in /tmp or some other system folder, you'll need to get onto your hosting provider.

Lucas
  • 173
  • 1
  • 7
  • When the disk is full, your session ID won't change each time, but you'll consistently have empty sessions. – Lucas Apr 28 '11 at 04:18
  • The session is being stored in /var/php/session which I don't have permission to access it. And yes, I can confirm this is a problem with the server as I've called the hosting provider yesterday and they managed to clear it up. Now, everything works smoothly...thx for the suggestion! cheers! – ronanray Apr 29 '11 at 05:09