I have a problem with my Zend_Auth function.
I have a web app that prompts a user with a login box when the key in the Zend_Auth session times out. When the user logs in with the correct credentials the key in the session is reset back to true. However when the user enters the wrong credentials all the keys in the session get wiped and the session is longer valid?
I am wondering if the Zend_Auth::getInstance() function is wiping it to start a fresh?
Any ideas?
protected function _process($values)
{
// grab data from config
$iniTime = Zend_Registry::get('config')->inactive->session;
$expireTime = $iniTime->timeout;
$realIP = new Application_Model_RealIP();
// Get our authentication adapter and check credentials
$adapter = $this->_getAuthAdapter();
$adapter->setIdentity($values['email']);
//$pwEncode->encode_password($values['password'])
$adapter->setCredential($values['password']);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
$user = $adapter->getResultRowObject();
$user->session_IP = $realIP->getRealIpAddr();
$auth->getStorage()->write($user);
//check whether the client is authenticated
$session = new Zend_Session_Namespace('new_session');
// Set "dummy" key with expiration
$session->key = true;
$session->setExpirationSeconds( $expireTime, 'key' );
return true;
}
return false;
}
Link to the auth function that calls the _process method link
From what I can tell you need to
_forward()(preserves the request) or_redirect()(new request) back to the login, either as a result of a failedauthenticate()in_process()or somewhere between line 60 and 100 inauthAction().From what I’ve been reading it seems as though a failed login is logged and the db is updated but then … nothing. No redirect, no forward, just a header set to 500 and a message generated.
Hope this helps. I hope I didn’t miss it completely.