1
votes

I've two subdomains. Each subdomain has its own authenticated users database. I'm using

    $auth = Zend_Auth::getInstance();
    if($auth->hasIdentity()){ }

to check user login credentials. It works perfectly for each individual subdomain. But when I log into one subdomain and try to access a 'restricted' page in another subdomain without logging out from the first subdomain, it takes me through. Basically the 'auth' session of the first subdomain returns true in '$auth->hasIdentity()' for the second subdomain. How can I solve this?

EDIT: Probably using different auth session names might solve it, but since I'm sharing the code between these 2 subdomains, this is not a feasible option.

2
minor updates. check the new code - SMka
@SM: please see my comments below in your solution. Thanks. - understack
post updated with Bootstrapping without Zend_Application - SMka

2 Answers

1
votes

Do this somewhere at the top of your Bootstrap:

    protected function _initModifiedSession()
    {
        if ($this->hasPluginResource('session'))
        {
            $resourcesOptions = $this->getOption('resources');
            $resourcesOptions['resources']['session']['cookie_domain'] = $_SERVER['HTTP_HOST'];
            $this->setOptions($resourcesOptions);
            $this->bootstrap('session');
        }
    }

UPDATE1
without Zend_Application

    $sessionOptions = array(
        'cookie_domain' => $_SERVER['HTTP_HOST']
    );
    Zend_Session::setOptions($sessionOptions);
1
votes

You should restrict the auth cookies to the current subdomain.
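
One way to apply the answers above from code shared by both sites, as an added example that is not part of the original posts: it checks the client-supplied Host header against an allowlist before using it as the cookie domain, and also gives each site its own Zend_Auth storage namespace. The hostnames, `ALLOWED_HOSTS`, `resolveHost()` and `sessionOptionsFor()` are assumptions made for illustration.

```php
<?php
// Constructed placeholder hostnames (assumption, not from the posts).
const ALLOWED_HOSTS = array('app1.example.com', 'app2.example.com');

// HTTP_HOST is sent by the client, so accept it only if it is a known site.
function resolveHost($rawHost)
{
    // Drop an optional :port and normalise case before comparing.
    $host = strtolower(preg_replace('/:\d+$/', '', trim((string) $rawHost)));
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

// Session options that scope the session cookie to one subdomain.
function sessionOptionsFor($host)
{
    return array(
        'cookie_domain'   => $host,
        'cookie_httponly' => true,
    );
}

// Falls back to a constructed sample host when run from the command line.
$rawHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'APP1.example.com:8080';
$host = resolveHost($rawHost);
if ($host === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Unknown host');
}
$options = sessionOptionsFor($host);

if (class_exists('Zend_Session')) {
    Zend_Session::setOptions($options); // must run before the session starts
    // Per-site auth namespace: an identity stored by one site is not read
    // by the other, even if a session cookie is ever shared between them.
    $namespace = 'Zend_Auth_' . substr(sha1($host), 0, 12);
    Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_Session($namespace));
} else {
    print_r($options); // stand-alone run without Zend Framework loaded
}
```

A `Domain` attribute also covers hosts below the named one, so a cookie set for `app1.example.com` is still sent to any subdomain beneath it.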