Remembering Authenticated Sessions With Zend Framework

27th January 2009

After setting up your session management in your application using one of the Zend_Auth adapters you might want to allow users to stay logged in. What you need to do is set some configuration options in the Zend_Session object. Zend_Auth uses Zend_Session as an object orientated way of manipulating the $_SESSION variable. Any changes you make to the Zend_Session object will affect the Zend_Auth object, as long as you set these options before the sessions are started.

There are a number of configuration options available, but for the effect I was looking for I only needed to change the ones below. You might not need to set all of these, but it gave me the best cross browser behaviour.

  1. [live]
  2. sessions.name = SESS_NAME
  3. sessions.strict = off
  4. sessions.use_only_cookies = on
  5. sessions.cookie_lifetime = 12345678
  6. sessions.remember_me_seconds = 12345678
  7. sessions.gc_maxlifetime = 12345678
12345678 is the number of seconds, which is about 6 months.

You can load these configuration options into your session using the following code.

  1. // load the config file
  2. $configuration = new Zend_Config_Ini('config.ini', 'live');
  3. // load the config file into the session options.
  4. Zend_Session::setOptions($configuration->sessions->toArray());

Put this in your bootstrap file so that it is loaded before your Zend_Auth call. You should now find that your users are able to close down the browser and reopen it with the session intact.

Comments

Permalink
Zend_Session::rememberMe() doesn't work ??

binko (Mon, 08/25/2014 - 12:18)

Add new comment

The content of this field is kept private and will not be shown publicly.