3

My requirement is, When user agent change session should destroy, and it should start new session. But Zend_Session::start() is throwing an exception if destroy was called before start(). 


try { 
    Zend_Session::start();   
} catch (Zend_Session_Exception $e) {   
    Zend_Session::destroy(true);
    Zend_Session::start(); // breaking here   
    Zend_Session::regenerateId();   
}  

Zend_Session::registerValidator(new Zend_Session_Validator_HttpUserAgent());

Exception:

Uncaught exception 'Zend_Session_Exception' with message 'The session was explicitly destroyed during this request, attempting to re-start is not allowed.' in library\Zend\Session.php:431

EDIT:
The reason is the second start() command is silently ignored if it was already called in that request. I have posted an issue, Hope they accept it.. 


if (self::$_sessionStarted) {
    return; // already started
}

Please vote it
http://framework.zend.com/issues/browse/ZF-11420

Venu
  • 7,243
  • 4
  • 39
  • 54

2 Answers2

2

Guys I have solved it my self

try {
        Zend_Session::start();
    } catch (Zend_Session_Exception $e) {
        Zend_Session::destroy(true);

        $this->bootstrap('frontController');
        $front = $this->getResource('frontController');
        $front->setRequest(new Zend_Controller_Request_Http()); 
        $front->setResponse(new Zend_Controller_Response_Http());

        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
        $redirector->gotoUrl($front->getRequest()->getRequestUri(),array('prependBase' => false));

    }
Venu
  • 7,243
  • 4
  • 39
  • 54
1

Why are you trying to restart the session? Just redirect the user to the login screen after calling destroy()

EDIT:

Zend_Session works differently from regular php sessions and hence why this is acceptable in vanilla PHP and not Zend Framework.

The culprit check is here:

if (self::$_sessionStarted && self::$_destroyed) {
    require_once 'Zend/Session/Exception.php';
    throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
}

You could try commenting out this chunk of code in Zend_Session and seeing how it behaves, although its highly likely this has been done for a specific reason.

JamesHalsall
  • 13,224
  • 4
  • 41
  • 66
  • I have a global session management in bootstrap, which validates the request and starts session. By that time, request won't be dispatched. Then why to make another request? As we already knew that session is wrong one? we could easily start new one right? – Venu May 31 '11 at 12:30
  • If you destroy the session and re-create it, the server will be storing a different session hash than the browser's session cookie, hence why it won't work – JamesHalsall May 31 '11 at 12:39
  • I will destroy the session only when I found the user-agent is wrong with particular browser's session cookie. In that case, I can assume like, its a session hack kind of thing, and can destroy the session, start the new session, which sends the new hash to browser.. so it will be like new user.. – Venu May 31 '11 at 12:43
  • Yes, I have checked that earlier. I have posted an issue in issue tracker. – Venu May 31 '11 at 12:55