-1

I am using Zend_auth for authentication purposes.Code for the same is as follows:

             $authAdapter = $this->getAuthAdapter();
            $authAdapter->setIdentity($username)
                    ->setCredential($password);
            $auth = Zend_Auth::getInstance();
            $result = $auth->authenticate($authAdapter);
            # is the user a valid one?
            if ($result->isValid()) {
                # all info about this user from the login table
                # ommit only the password, we don't need that
                $userInfo = $authAdapter->getResultRowObject(null, 'password');

                # the default storage is a session with namespace Zend_Auth
                $authStorage = $auth->getStorage();
                $authStorage->write($userInfo);
                $emp_id = $userInfo->employee_id;
                $userInfo = Zend_Auth::getInstance()->getStorage()->read();
                $array_db = new Application_Model_SetMstDb();
                $array_name = $array_db->getName($emp_id);

                foreach ($array_name as $name) :
                    $fname = $name['first_name'];
                    $lname = $name['last_name'];
                endforeach;

                $firstname = new stdClass;
                $lastname = new stdClass;
                $userInfo->firstname = $fname;
                $userInfo->lastname = $lname;

                $privilege_id = $userInfo->privilege_id;
                echo 'privilege in Login: ' . $privilege_id;
                $this->_redirect('index/index');
            } else {
                $errorMessage = "Invalid username or password";
                $this->view->error = $errorMessage;
              }

where getAuthAdapter() as follows:

     protected function getAuthAdapter() {
    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

    $authAdapter->setTableName('credentials')
            ->setIdentityColumn('employee_id')
            ->setCredentialColumn('password');


    return $authAdapter;
}

I want to set a session timeout.I want to set a timeout of 5 mins and when user does not being active for 5 mins then session should be expired that is logout action should be called whose code is as follows:

      public function logoutAction() {
    // action body
    Zend_Auth::getInstance()->clearIdentity();
    $this->_redirect('login/index');
   }

Thanks in advance.Plz Help me.Its urgent.

When I use 

    $session = new Zend_Session_Namespace( 'Zend_Auth' ); 
    $session->setExpirationSeconds( 60 );

control redirects to login page automatically after 60 seconds but I want that if the user of the application in inactive for 60 seconds then only it redirects.At present whether user is active or not redirection occurs.

hakre
  • 193,403
  • 52
  • 435
  • 836
ryan
  • 333
  • 1
  • 15
  • 28
  • here : http://stackoverflow.com/questions/5146217/get-session-expiration-time-in-zend-framework – ehanoc Apr 23 '12 at 10:24
  • If I will use $session = new Zend_Session_Namespace( 'Zend_Auth' ); $session->setExpirationSeconds( 60 ); then how to check that 60 second has been completed and where has it to be checked like it has to be checked in init() method of every controller. – ryan Apr 23 '12 at 11:10
  • Please give some code snippet – ryan Apr 23 '12 at 11:10

2 Answers2

0

I wouldn't use init() for this. init() should be use to set object state.

I would use preDispatch(). But to avoid using it all controllers or making a base controller and then extending. You could do a plugin and add it on the Bootstrap.

class YourControllerPlugin extends Zend_Controller_Plugin_Abstract {
   public function preDispatch() {
        //check if expired
       if(hasExpired()) {
          //logout and redirect
       }
   }
}

to add it on Bootstrap : 

public function __initYourPlugin () {
    $this->bootstrap('frontController');

    $plugin = new YourControllerPlugin();

    $front = Zend_Controller_Front::getInstance();
    $front->registerPlugin($plugin);

    return $plugin;
}
ehanoc
  • 2,187
  • 18
  • 23
  • Here $this->bootstrap('frontController'); has to be used as it is or I have to specify my front controller which is loginController?? – ryan Apr 23 '12 at 11:26
  • Not your LoginController. It's just to make sure we initialize Zend's front controller which is responsible for the request enviroment. What's the version of the framework your using ? – ehanoc Apr 23 '12 at 11:30
  • Hi I am not getting you.Please answer foll question:1.Where I should define session and its expiration time??2.Should it be defined in the bootstrap file?3.The above two snippet has to be specified in the bootstrap file?? – ryan Apr 24 '12 at 08:26
0

I'm looking at my code for this right now. This snippet is from a front controller plugin. Each time an authenticated user requests a page, I reset their session expiration so they've got 60mins from they were last "active".

    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request) {

    //check whether the client is authenticated
    if (Zend_Auth::getInstance()->hasIdentity()) {

        $session = $this->_getAuthSession();

        //update session expiry date to 60mins from NOW
        $session->setExpirationSeconds(60*60);

        return;
    }

Aside: I'm looking over this code for a way to show the user a "your session has expired" message rather than the current "you're not authenticated" message.

James Newell
  • 652
  • 8
  • 12
  • I think I originally found the answer here http://stackoverflow.com/questions/9344577/zend-framework-automatic-logout-after-inactivity – James Newell Jun 19 '12 at 23:40