[dev] Authentication session data cleaned by Kronolith
SSRI
ssri_abo at u-paris2.fr
Mon Jun 24 15:50:18 UTC 2013
> Again: you must not write directly to $_SESSION. This is how it
> works correctly:
>
> In __construct(), write away the information you receive from your
> custom authentication backend, and what else you want to store in
> the session:
>
> public function __construct(array $params = array())
> {
> parent::__construct($params);
> $this->_credentials['userId'] = 'username';
> $this->_credentials['credentials'] = array(
> 'password' => 'password',
> 'transparent' => true,
> 'arbitrary_stuff' => 'xyz',
> );
> }
>
> Implement transparent() or _authenticate() at your will. Then, in
> validateAuth():
>
> public function validateAuth()
> {
> return $GLOBALS['registry']->getAuthCredential('sessionid') == 'xyz'
> }
>
Login works but I get an "Invalid Token!" error.
More information about the dev
mailing list