Zend_Auth - Clashes

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend_Auth - Clashes

ashish.sharma
This seems to be a simple problem but for me it is very crucial. I have used Zend_Auth at 2 places on site as well as site's admin console. Now the problem which I am facing it that whenever I logged in the site's admin console and open the site in logged in session of admin the site header area shows me the links like "My Account | Logout". As I have used the suggested code and it is same for site and admin panel so I think it is checking the admin logged in session on the site itself and instead of showing me "Login" link it is finding the identity of admin session and showing me the link "My Account | Logout".

I short, it seems that the Zend_Auth sessions are conflicting / clashing here. Is there any way where I can differentiate the site's Zend_Auth and admin's Zend_Auth? Can't 2 different instances can be created be created of Zend_Auth?

Kindly suggest!
Ashish Sharma

Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth - Clashes

Martijn Korse
ashish.sharma wrote
This seems to be a simple problem but for me it is very crucial. I have used Zend_Auth at 2 places on site as well as site's admin console. Now the problem which I am facing it that whenever I logged in the site's admin console and open the site in logged in session of admin the site header area shows me the links like "My Account | Logout". As I have used the suggested code and it is same for site and admin panel so I think it is checking the admin logged in session on the site itself and instead of showing me "Login" link it is finding the identity of admin session and showing me the link "My Account | Logout".

I short, it seems that the Zend_Auth sessions are conflicting / clashing here. Is there any way where I can differentiate the site's Zend_Auth and admin's Zend_Auth? Can't 2 different instances can be created be created of Zend_Auth?

Kindly suggest!
Ashish Sharma
The solution depends a bit on how your backend is structured. If the entities that can log in are completely different and have nothing to do with eachother, you should use two different adapters. If they are in essence the same entities, but with different rights, then you should use Zend_Acl
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth - Clashes

ashish.sharma

Martijn Korse wrote
ashish.sharma wrote
This seems to be a simple problem but for me it is very crucial. I have used Zend_Auth at 2 places on site as well as site's admin console. Now the problem which I am facing it that whenever I logged in the site's admin console and open the site in logged in session of admin the site header area shows me the links like "My Account | Logout". As I have used the suggested code and it is same for site and admin panel so I think it is checking the admin logged in session on the site itself and instead of showing me "Login" link it is finding the identity of admin session and showing me the link "My Account | Logout".

I short, it seems that the Zend_Auth sessions are conflicting / clashing here. Is there any way where I can differentiate the site's Zend_Auth and admin's Zend_Auth? Can't 2 different instances can be created be created of Zend_Auth?

Kindly suggest!
Ashish Sharma
The solution depends a bit on how your backend is structured. If the entities that can log in are completely different and have nothing to do with each other, you should use two different adapters. If they are in essence the same entities, but with different rights, then you should use Zend_Acl
Yeah! Using two different adapters is what I am looking for. I mean how can i create two different Zend_Auth objects within a same application like for www.test.com/login and admin.test.com/login so that when I login to the admin.test.com and then open www.test.com in another tab the admin session won't appear there and it should show "login" link to me on www.test.com rather then "logout".

Am I clear in my specification?
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth - Clashes

Martijn Korse
There's two things you can do that i can think of
1. modify the session namespace before authenticating, so the two different types are done within another 'namespace'

$auth->setStorage(new Zend_Auth_Storage_Session('someNamespace'));

2. When you're setting the identity (with Zend_Auth_Result), pass an object as the second parameter. So, when you do $auth->getIdentity(), it will also return that object. Use different objects for the normal users and the admin and you'll know who you are dealing with