Anonymous Sessions
Anonymous sessions require almost no effort in the ZF. Sometimes an application keeps track of a user's recent actions and results, such as recently viewed pages or items and recent searches or search results.
Session State Files
First, a new, writable directory must exist for use by Zend_Session and PHP's ext_session extension to store the session state files. One file exists for each session. Various settings in PHP's "ini" file control how often files are expired from this cached pool of session state files. Additionally, the temporary directory may eventually hold other temporary files, like cached data and compiled templates.
Starting the Session
To use sessions, we initialize Zend_Session at the end of Stage 1 by first loading the configuration for Zend_Session from "config/Zend_Session.ini". Next, the location for saving session information must be adjusted to make it a unique location that does not overlap with any other web applications. Lastly, the session manager is started.
Accessing a Session Namespace
Now that the session has been configured, we need a "space" inside the session to contain some session data. The ZF supports named spaces, each with private data kept separate from other session spaces. For now, ZFDemo only needs one space, so we creatively choose the namespace 'zfdemo'.
Values in a session space are accessed just like values in Zend_Config_Ini, using the '->' access operator, such as with the session key named 'startTime'. On the first visit, a user has no data in their session space, so the application can detect this and initialize the session data. The first step should be regenerating the session id to help thwart session hijackers. After that, both a computer-friendly timestamp and a human-readable date are attached to the session, marking the time when the session began. Session expiration is complex and depends on your PHP and server configuration, but can often be lengthened beyond the duration of the user's browser window.
On successive visits, after the user's first page view, the last visit time is updated, and the number of hours elapsed since their prior visit is calculated. Also, the number of requests by the user is tracked.
Configuring Sessions
Configuring sessions does require some planning to avoid accidental security flaws. In ZFDemo:
- Session ids are passed between the user's web browser and the server using HTTP cookies.
- Session data is saved in the 'data/sessions' directory relative to the application's source code.
- Zend_Session is set to "strict" mode, which prevents auto-starting sessions by accident.
- When Zend_Session is asked to keep the session from expiring when the user closes their browser window, the default time-to-live is 10 days.
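The steps above (configure, start, open the 'zfdemo' namespace, initialize on first visit, update on later visits) as an added example that is not ZFDemo's own bootstrap code. It assumes ZF 1.x is on the include_path and that the script sits in the application root; the keys startDate, lastVisit and requests and the opt-in flag are names made up for the example.

```php
<?php
// Added example, not ZFDemo's bootstrap. Assumes ZF 1.x is on the include_path.
require_once 'Zend/Session.php';
require_once 'Zend/Session/Namespace.php';

// Assumption: this script sits in the application root, next to data/.
$savePath = dirname(__FILE__) . '/data/sessions';
// 0700: only the account PHP runs as can read the session state files.
if (!is_dir($savePath) && !mkdir($savePath, 0700, true)) {
    throw new RuntimeException("cannot create session directory $savePath");
}

Zend_Session::setOptions(array(
    'save_path'           => $savePath, // not shared with other applications
    'use_only_cookies'    => true,      // session id travels in a cookie only
    'strict'              => true,      // nothing starts the session implicitly
    'remember_me_seconds' => 864000,    // 10 days, used by rememberMe()
));
Zend_Session::start();

$session = new Zend_Session_Namespace('zfdemo');
$now = time();

if (!isset($session->startTime)) {
    // First visit: replace the session id before any data is attached to it.
    Zend_Session::regenerateId();
    $session->startTime = $now;            // computer-friendly timestamp
    $session->startDate = date('r', $now); // human-readable date
    $session->requests  = 0;
    $hoursSinceLastVisit = 0.0;
} else {
    // Later visits: elapsed time is measured from the previous request.
    $hoursSinceLastVisit = ($now - $session->lastVisit) / 3600;
}
$session->lastVisit = $now;
$session->requests  = $session->requests + 1;

// Hypothetical opt-in flag (for example a checkbox), not part of ZFDemo.
$keepAfterBrowserCloses = false;
if ($keepAfterBrowserCloses) {
    Zend_Session::rememberMe(); // cookie lifetime becomes remember_me_seconds
}

printf("Session began %s; request #%d; %.2f hours since last visit\n",
    $session->startDate, $session->requests, $hoursSinceLastVisit);
```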
Using ZF 1.0.3 I needed to do the following corrections to the files in section6_session:
Set full read and write permission on folders:
section6_session/data/
section6_session/temporary/
section6_session/temporary/sessions/
LOC: index.php
ERR: function name '_' not allowed by php
OLD: function _($msg)
NEW: function _x($msg)
Search and replace all occurrences of '_(' with '_x(' in all files in dir 'section6_session/'
LOC: index.php
ERR: paths don't work
OLD: //ZFDemoGrub('section6_session', 'sandbox'); [comment out]
NEW: ZFDemoGrub('/Users/marcgrue/Sites/zfdemo/section6_session/', 'sandbox'); [uncomment this line - use an absolute path]
LOC: index.php
ERR: php errors not showing for debugging (with my general php_ini settings)
NEW: ini_set('display_errors', true); [add this line before/after the line 'error_reporting(E_ALL|E_STRICT);']
LOC: section6_session/bootstrap.php::stage1(), line 179
ERR: fatal error: Zend_View class declared twice
OLD: require 'Zend/View.php';
NEW: require_once 'Zend/View.php';
LOC: section6_session/bootstrap.php::stage1() line 200
ERR: Going to 'Forums': wrong (empty) view object is rendered, so no topics are shown
NEW: $frontController->setParam('noViewRenderer', true); [add this line just before returning the $frontController]
LOC: section6_session/bootstrap.php::stage2() ca line 327
ERR: '/index.php' added unnecessarily to baseurl
OLD: $baseUrl .= '/index.php';
NEW: $baseUrl .= '/';
LOC: section6_session/default/controllers/IndexController.php::indexAction() line 29
ERR: '/index.php' added unnecessarily to baseurl
OLD: $this->view->baseUrl .= '/index.php';
NEW: //$this->view->baseUrl .= '/index.php'; [comment out]
LOC: section6_session/forum/controllers/IndexController.php::redirectToTopics() line 120
ERR: link to forums is silently redirected back to 'home'
OLD: $this->setRedirectCode(303);
NEW: //$this->setRedirectCode(303); [uncomment]
ALTERNATIVE: add "/topics" to Forums link in zfdemo/index.php
LOC: section6_session/forum/models/pdo/Topics.php::getPresentationModel() line 33
ERR: Zend_Date not loaded
NEW: require_once 'Zend/Date.php'; [add line]
LOC: section6_session/forum/models/pdo/Posts.php::getPostsByTopicId() line 58
ERR: Zend_Date not loaded
NEW: require_once 'Zend/Date.php'; [add line]
Sometimes the xpath function in line 96 of the _readFile function in Zend_Locale_Data reads the data file in a wrong way, so that a wrong path to an alias subnode in the xml file is fetched. This causes:
Fatal error: Method Zend_Date::__toString() must not throw an
exception in /Users/marcgrue/Sites/zfdemo/section6_session/forum/views/scripts/topicsIndex.phtml on line 47
By reloading the page a few times, the error disappears. I wonder how this happens; it must be a bug in the xpath function when it fetches the xml file.
Hope this helps others to get the tutorial going.