session storage problem

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

session storage problem

András Csányi
Hi!

I have a problem and i need some help. :)

I use Zend_Auth i my application. The basic of using Zend_Auth Acrabat
Zend_Auth tutorial.

In my IndexController class is the next code:

public function preDispatch() {
     $auth = Zend_Auth::getInstance();
     if(!$auth->hasIdentity()) {
       $this->_redirect('auth/login');
     }
   }

Because everybody have to login.
I use session storage with 'auth' namespace.

But the code stop the next error message:
Fatal error: Cannot use object of type stdClass as array in
/var/www/saycms/zend_framework/Zend/Session/Abstract.php on line 92

This code is part of Zend Framework.
I search what is the problem several hours, but i don't know what is
the problem. I understand what means the message, but i don't know
why.

I did this:
1, i changed the session namespace to nothing (default is "storage")
2, i drop the code (preDispatch() method) -> the code is working fine,
but i can't protect my application. :(
3, I followed the error (var_dump() and die() -> it was funny... and
long time...) and the result:
the problem is in the Zend_Auth::hasIdentity() method
   public function hasIdentity()
   {
       return !$this->getStorage()->isEmpty();
   }

Here is the problem is in the isEmpty() method. The method part of
Zend_Auth_Storage_Session (Zend_Auth_Storage_Session is implement
Zend_Auth_Storage_Interface) class:

public function isEmpty()
   {
       return !isset($this->_session->{$this->_member});
   }

if i run the code this:

   public function isEmpty()
   {
     var_dump($this->_session);
     echo "<br>";
     var_dump($this->_member);
     die();
       return !isset($this->_session->{$this->_member});
   }
the result is like this:

object(Zend_Session_Namespace)#36 (1) { ["_namespace:protected"]=>
string(9) "Zend_Auth" }
string(7) "storage"

I searched the google lot of without results. Anybody hasn't this
problem and i can't resolv this problem.

Thank's the help.

András

ps.: sorry my english

--
- -
--  Csanyi Andras  -- http://sayusi.hu -- Sayusi Ando
--  "Bízzál Istenben és tartsd szárazon a puskaport!".-- Cromwell
Reply | Threaded
Open this post in threaded view
|

Re: session storage problem

Erik Duindam
I know this is an old topic, but people might need a solution for this huge issue, so here it is (or might be).

I've been debugging for hours. Zend_Session, Zend_Auth, var_dumps, etc; I couldn't find anything. So then I started debugging from scratch again and found a very very strange issue. If I var_dump'ed $_SESSION['somekey'], it return a stdClass. It did not matter which key I used in $_SESSION, it always returned the same stdClass. And that stdClass was an exact copy of an object in my registry.

So then I tried to unset or destroy or change the session like this:
unset($_SESSION);
unset($_SESSION['key']);
$_SESSION = array();

When I then var_dump'ed session on the next line, I got an expected array(0). However, when I var_dump'ed $_SESSION['key'] _on the next line(!!)_, then I got the same stdClass again. This is theoretically impossible, because I just unset it on the previous line.

So then I thought let's check out the registry. It doesn't do anything special. The only thing that raises suspicion is the fact that's it extends ArrayObject. The problem must be inside ArrayObject.

So I started Googling and found a known PHP issue (which will be fixed in PHP 5.3); there are issues serializing ArrayObjects which contain other ArrayObjects. So my guess is it also has problems when containg stdClasses.

I wasn't aware of the fact that I was using stdClasses. However, somewhere in my code I defined:
$registry = Zend_Registry::getInstance();
$registry->foo->bar = 'Some value';

In this case, $registry->foo is an stdClass, because I use object notation to add bar.

So now we have an extend ArrayObject containing an stdClass. And somehow that stdClass is assigned to every $_SESSION-key and cannot be unset. An internal PHP bug probably.

My fix is to avoid stdClasses in (extended) ArrayObjects. So avoid:
$registry->foo->bar

Just use something like:
$registry->foobar

Also, you probably want to avoid using ArrayObjects in your registry, but I haven't tested that.

So, it's a very strange situation, but this fixed the entire problem for me. See http://bogambilya.asti.dost.gov.ph/manual/bg/class.arrayobject.php and Google for the known PHP bug.



sayusi wrote
Hi!

I have a problem and i need some help. :)

I use Zend_Auth i my application. The basic of using Zend_Auth Acrabat
Zend_Auth tutorial.

In my IndexController class is the next code:

public function preDispatch() {
     $auth = Zend_Auth::getInstance();
     if(!$auth->hasIdentity()) {
       $this->_redirect('auth/login');
     }
   }

Because everybody have to login.
I use session storage with 'auth' namespace.

But the code stop the next error message:
Fatal error: Cannot use object of type stdClass as array in
/var/www/saycms/zend_framework/Zend/Session/Abstract.php on line 92

This code is part of Zend Framework.
I search what is the problem several hours, but i don't know what is
the problem. I understand what means the message, but i don't know
why.

I did this:
1, i changed the session namespace to nothing (default is "storage")
2, i drop the code (preDispatch() method) -> the code is working fine,
but i can't protect my application. :(
3, I followed the error (var_dump() and die() -> it was funny... and
long time...) and the result:
the problem is in the Zend_Auth::hasIdentity() method
   public function hasIdentity()
   {
       return !$this->getStorage()->isEmpty();
   }

Here is the problem is in the isEmpty() method. The method part of
Zend_Auth_Storage_Session (Zend_Auth_Storage_Session is implement
Zend_Auth_Storage_Interface) class:

public function isEmpty()
   {
       return !isset($this->_session->{$this->_member});
   }

if i run the code this:

   public function isEmpty()
   {
     var_dump($this->_session);
     echo "<br>";
     var_dump($this->_member);
     die();
       return !isset($this->_session->{$this->_member});
   }
the result is like this:

object(Zend_Session_Namespace)#36 (1) { ["_namespace:protected"]=>
string(9) "Zend_Auth" }
string(7) "storage"

I searched the google lot of without results. Anybody hasn't this
problem and i can't resolv this problem.

Thank's the help.

András

ps.: sorry my english

--
- -
--  Csanyi Andras  -- http://sayusi.hu -- Sayusi Ando
--  "Bízzál Istenben és tartsd szárazon a puskaport!".-- Cromwell
Reply | Threaded
Open this post in threaded view
|

Re: session storage problem

russellnation
In reply to this post by András Csányi
I was having this same problem once I uploaded my app to a server on the tubes.

I fixed it by setting:

session.save_path = "/whatever/your/hosting/company/says/to/put/here"

In php.ini

In fact the correct path was already there I just had to uncomment, remove the ; and it worked. At least it seems to be working.
Reply | Threaded
Open this post in threaded view
|

Two sessions in one server

Guillermo Caserotto

Hi folks, i have one server and its configured with zend for using two o more projects at the same time. Also have an index page for each project with their IndexControllers. I did a LoginController on the two projects using Zend_Auth but i can't getting to work with two projects. For example, I enter login a password in project one, its authenticated, when i go to the second project its show me directly the menu page, its like im logged in.

How can i do?


Thanks!




Reply | Threaded
Open this post in threaded view
|

Re: Two sessions in one server

Tom Graham-2
Try having different session namespaces for the two projects, for example:

// In the first project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project1'));

// In the second project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project2'));

Hope that helps,

Tom


On 22 Apr 2009, at 15:09, Guillermo Caserotto wrote:


Hi folks, i have one server and its configured with zend for using two o more projects at the same time. Also have an index page for each project with their IndexControllers. I did a LoginController on the two projects using Zend_Auth but i can't getting to work with two projects. For example, I enter login a password in project one, its authenticated, when i go to the second project its show me directly the menu page, its like im logged in. 

How can i do?


Thanks!






Reply | Threaded
Open this post in threaded view
|

Re: Two sessions in one server

Hector Virgen
If you want to make sure there are no other session conflicts between the two projects, you should take a look at the Zend_Session configuration options:


You can give each project a unique session name so there will be no conflicts, even without modifying Zend_Auth.

-Hector


On Wed, Apr 22, 2009 at 7:25 AM, Tom Graham <[hidden email]> wrote:
Try having different session namespaces for the two projects, for example:

// In the first project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project1'));

// In the second project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project2'));

Hope that helps,

Tom


On 22 Apr 2009, at 15:09, Guillermo Caserotto wrote:


Hi folks, i have one server and its configured with zend for using two o more projects at the same time. Also have an index page for each project with their IndexControllers. I did a LoginController on the two projects using Zend_Auth but i can't getting to work with two projects. For example, I enter login a password in project one, its authenticated, when i go to the second project its show me directly the menu page, its like im logged in. 

How can i do?


Thanks!







--
Hector Virgen
Reply | Threaded
Open this post in threaded view
|

Re: Two sessions in one server

Guillermo Caserotto
Thanks! Its works.
Although I cant instantiate Zend_Auth, its a singleton.

On each project i write this code:

Project 1:
$p = new Zend_Auth_Storage_Session('PROJECT1');
$aut = Zend_Auth::getInstance();
$aut->setStorage($p);
$result = $aut->authenticate($autAdapter);
 
Project 2:
$p = new Zend_Auth_Storage_Session('PROJECT2');
$aut = Zend_Auth::getInstance();
$aut->setStorage($p);
$result = $aut->authenticate($autAdapter);

Then in my IndexController I check what session is, it can be done in many ways:
For now i used:

  if(isset( $_SESSION['PROJECT1'] ) {
                echo "loggedIn";
                };


Thanks,
Guille.

From: Hector Virgen <[hidden email]>
To: Tom Graham <[hidden email]>
Cc: [hidden email]
Sent: Wednesday, April 22, 2009 12:23:34 PM
Subject: Re: [fw-auth] Two sessions in one server

If you want to make sure there are no other session conflicts between the two projects, you should take a look at the Zend_Session configuration options:


You can give each project a unique session name so there will be no conflicts, even without modifying Zend_Auth.

-Hector


On Wed, Apr 22, 2009 at 7:25 AM, Tom Graham <[hidden email]> wrote:
Try having different session namespaces for the two projects, for example:

// In the first project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project1'));

// In the second project
$auth = new Zend_Auth();
$auth->setStorage(new Zend_Auth_Storage_Session('project2'));

Hope that helps,

Tom


On 22 Apr 2009, at 15:09, Guillermo Caserotto wrote:


Hi folks, i have one server and its configured with zend for using two o more projects at the same time. Also have an index page for each project with their IndexControllers. I did a LoginController on the two projects using Zend_Auth but i can't getting to work with two projects. For example, I enter login a password in project one, its authenticated, when i go to the second project its show me directly the menu page, its like im logged in. 

How can i do?


Thanks!








Reply | Threaded
Open this post in threaded view
|

Re: Two sessions in one server

Piotr Kabaciński-2
Hello,

Don't you think that more convinient would be to use
session_name($sessname) with unique $sessname for every project and
don't bother yourself with distinguish it inside project?


Guillermo Caserotto wrote:

> Thanks! Its works.
> Although I cant instantiate Zend_Auth, its a singleton.
>
> On each project i write this code:
>
> Project 1:
> $p = new Zend_Auth_Storage_Session('PROJECT1');
> $aut = Zend_Auth::getInstance();
> $aut->setStorage($p);
> $result = $aut->authenticate($autAdapter);
>  
> Project 2:
> $p = new Zend_Auth_Storage_Session('PROJECT2');
> $aut = Zend_Auth::getInstance();
> $aut->setStorage($p);
> $result = $aut->authenticate($autAdapter);
>
> Then in my IndexController I check what session is, it can be done in
> many ways:
> For now i used:
>
>   if(isset( $_SESSION['PROJECT1'] ) {
>                 echo "loggedIn";
>                 };
>
>
> Thanks,
> Guille.
> ------------------------------------------------------------------------
> *From:* Hector Virgen <[hidden email]>
> *To:* Tom Graham <[hidden email]>
> *Cc:* [hidden email]
> *Sent:* Wednesday, April 22, 2009 12:23:34 PM
> *Subject:* Re: [fw-auth] Two sessions in one server
>
> If you want to make sure there are no other session conflicts between
> the two projects, you should take a look at the Zend_Session
> configuration options:
>
> http://framework.zend.com/manual/en/zend.session.global_session_management.html
>
> You can give each project a unique session name so there will be no
> conflicts, even without modifying Zend_Auth.


--
Piotr Kabacinski
a2Fib3Q