Remembering Authenticated Sessions With Zend Framework

Note: This post is over two years old and so the information contained here might be out of date. If you do spot something please leave a comment and we will endeavour to correct.

27th January 2009 - 3 minutes read time

After setting up your session management in your application using one of the Zend_Auth adapters you might want to allow users to stay logged in. What you need to do is set some configuration options in the Zend_Session object. Zend_Auth uses Zend_Session as an object orientated way of manipulating the $_SESSION variable. Any changes you make to the Zend_Session object will affect the Zend_Auth object, as long as you set these options before the sessions are started.

There are a number of configuration options available, but for the effect I was looking for I only needed to change the ones below. You might not need to set all of these, but it gave me the best cross browser behaviour.

[live]
sessions.name = SESS_NAME
sessions.strict = off
sessions.use_only_cookies = on
sessions.cookie_lifetime = 12345678
sessions.remember_me_seconds = 12345678
sessions.gc_maxlifetime = 12345678

12345678 is the number of seconds, which is about 6 months.

You can load these configuration options into your session using the following code.

// load the config file
$configuration = new Zend_Config_Ini('config.ini', 'live');
// load the config file into the session options.
Zend_Session::setOptions($configuration->sessions->toArray());

Put this in your bootstrap file so that it is loaded before your Zend_Auth call. You should now find that your users are able to close down the browser and reopen it with the session intact.

PHP