Home/ Questions/Q 564555
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T12:46:44+00:00

I was hoping someone could help me with a question I’ve come up on.

  • 0

I was hoping someone could help me with a question I’ve come up on.

I have a Session object that handles storage of general session data, I also have a Authentication object which validates a users credentials.

Initially I passed the desired Authentication class name to my Session object then had a login method that created an instance of the Authentication object and validate the credentials. I stored the result of this validation in a Session variable and made it available via a getter. The user data was also stored in the Session for later use. In addition to all this, I have a logout method, which removes the user data from the Session and thus logging the user out.

My question is what role should the Session object play in users logging into their account?

And what other ways might one suggest I go about handling user login, as it stands right now I feel as though I’m getting too much wrapped up in my Session object.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Simply calling your authenticate method should trigger logic within Auth to store the proper data in the session (or some other data store) and Auth should also be used exclusively to retreive/revoke this info. So using the example form your comment it might be:

    class Auth {
  public static function authenticate($identity, $pass)
  {
     // do lookup to match identity/pass if its good then

     /* assume $auth is an array with the username/email or 
        whatever data you need to store as part of authentication */
     Session::set('auth', $auth);
     return true;

     // if auth failed then 
     Session::set('auth', array('user'=>'anonymous'));
     return false;
  }

  public function isAuthenticated()
  {
     $auth = Session::get('auth');
     if(!$auth)
     {
       return false;
     }

     return (isset($auth['user']) && $auth['user'] !== 'anonymous'); 
   }
}

    […] as it stands right now I feel as
    though I’m getting too much wrapped up
    in my Session object.

    And id agree. Idelaly for authentication/credentials you shoudl only be interacting with the Auth/Acl object(s). They would then utilize the session as stateful store… but you shouldnt care that its even stored in session. The code utilizng the Auth/Acl object(s) should be completely unaware of this fact.

    For example:

    //Bad

if($session->get('authenticated', 'auth'))
{
  // do stuff
}


// also bad

if(isset($_SESSION['authenticated']))
{
  // do stuff
}


//Good

if($auth->isAuthenticated())
{
  // do stuff
}

// inside $auth class it might look like this
public function isAuthenticated()
{
  $store = $this->getSotrage(); // assume this returns the $_SESSION['auth']
  return isset($store['authenticated']);
}
    • 0