[dev] Authentication session data cleaned by Kronolith

SSRI ssri_abo at u-paris2.fr
Mon Jun 24 15:50:18 UTC 2013


> Again: you must not write directly to $_SESSION. This is how it  
> works correctly:
>
> In __construct(), write away the information you receive from your  
> custom authentication backend, and what else you want to store in  
> the session:
>
>     public function __construct(array $params = array())
>     {
>         parent::__construct($params);
>         $this->_credentials['userId'] = 'username';
>         $this->_credentials['credentials'] = array(
>             'password' => 'password',
>             'transparent' => true,
>             'arbitrary_stuff' => 'xyz',
>         );
>     }
>
> Implement transparent() or _authenticate() at your will. Then, in  
> validateAuth():
>
>     public function validateAuth()
>     {
>         return $GLOBALS['registry']->getAuthCredential('sessionid') == 'xyz';
>     }
>

Login works but I get an "Invalid Token!" error.


