[dev] Single Sign-On

Thomas Fichtenbauer thomas.fichtenbauer@mamilade.at
Tue Nov 19 02:49:32 2002


Quoting Chuck Hagenbach <chuck@horde.org>:
> Why don't you just have your PHP sessions 
> expire after 30 minutes (or whatever
> your other auth system times out after)?
> (...)

Contrary to what I wrote yesterday: simply setting the 
PHP session expiry date did not work out. Even if I set 
the expiry date to 5 minutes, if the user works continuously, 
the Horde session will never expire while the Java session 
times out after xx minutes. What I need is a 
*validation*-timeout. 

So this puts me back to changing Auth::getAuth().

Quoting Chuck Hagenbach <chuck@horde.org>:
> This adds a fair amount of overhead to Auth::getAuth(), 
> unfortunately. 

The overhead is mainly created by instantiating the 
auth-extension using &Auth::singleton($conf['auth']['driver'])
every time Auth::getAuth() is called (which is more than 
once per request). This is particularly annoying for users who 
will never use the validation timeout. One way to get around 
this is to save the information whether validation-timeout 
is used in $conf somewhere. This might look like this:

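    function getAuth()
    {
        global $conf;

        // Only load the auth driver up front when the validation
        // timeout is switched on in the configuration.
        if (isset($conf["auth"]["use_val_timeout"]) &&
            $conf["auth"]["use_val_timeout"]) {
            $auth = &Auth::singleton($conf['auth']['driver']);
            $auth->checkTimeout();
        }

        // Authenticated session: return the stored user ID.
        if (array_key_exists('__auth', $_SESSION)) {
            if (!empty($_SESSION['__auth']['authenticated']) &&
                !empty($_SESSION['__auth']['userID'])) {
                return $_SESSION['__auth']['userID'];
            }
        }

        // Not authenticated: load the driver now if it was not
        // already loaded for the timeout check.
        if (!isset($auth)) {
            $auth = &Auth::singleton($conf['auth']['driver']);
        }

        // Try transparent authentication if the driver supports it.
        if ($auth->hasCapability('transparent') &&
            $auth->transparent()) {
            return $_SESSION['__auth']['userID'];
        }

        return false;
    }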

thomas
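
The difference between an idle expiry and the validation timeout discussed above, as an added example that is not part of the original post and not Horde code. The function name `checkValidationTimeout`, the `last_validated` session field and the `$validator` callback (a stand-in for asking the other system whether its session is still alive) are hypothetical, and the scenario values are constructed.

```php
<?php
// Added example, not Horde code. Function and field names are hypothetical.

/**
 * Re-validate the session against the external authority once $interval
 * seconds have passed since the last successful validation, no matter how
 * recently the user was active. Returns the user ID or false.
 */
function checkValidationTimeout(array &$session, callable $validator, int $interval, int $now)
{
    if (empty($session['__auth']['authenticated']) || empty($session['__auth']['userID'])) {
        return false;
    }
    $last = $session['__auth']['last_validated'] ?? 0;
    if ($now - $last >= $interval) {
        // Ask the other system whether its own session is still valid.
        if (!$validator($session['__auth']['userID'])) {
            unset($session['__auth']);   // fail closed: drop local auth state
            return false;
        }
        $session['__auth']['last_validated'] = $now;
    }
    return $session['__auth']['userID'];
}

// Constructed scenario: the external session ends at t=1000 while the user
// sends a request every 60 s, so a 300 s idle expiry would never trigger.
$session = ['__auth' => ['authenticated' => true, 'userID' => 'alice', 'last_validated' => 0]];
$externalExpiry = 1000;
$clock = 0;
$validator = function ($userID) use (&$clock, $externalExpiry) {
    return $clock < $externalExpiry;     // stand-in for a real remote check
};

for ($clock = 60; $clock <= 1500; $clock += 60) {
    $user = checkValidationTimeout($session, $validator, 300, $clock);
    if ($user === false) {
        echo "t={$clock}: local session invalidated\n";
        break;
    }
}
```

The local session ends at the first validation that runs after the external session has expired, so the validation interval bounds how long the two systems can disagree about whether the user is logged in.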



