[dev] Authentication session data cleaned by Kronolith
Jan Schneider
jan at horde.org
Mon Jun 24 16:09:04 UTC 2013
Zitat von SSRI <ssri_abo at u-paris2.fr>:
>> Again: you must not write directly to $_SESSION. This is how it
>> works correctly:
>>
>> In __construct(), write away the information you receive from your
>> custom authentication backend, and what else you want to store in
>> the session:
>>
>> public function __construct(array $params = array())
>> {
>> parent::__construct($params);
>> $this->_credentials['userId'] = 'username';
>> $this->_credentials['credentials'] = array(
>> 'password' => 'password',
>> 'transparent' => true,
>> 'arbitrary_stuff' => 'xyz',
>> );
>> }
>>
>> Implement transparent() or _authenticate() at your will. Then, in
>> validateAuth():
>>
>> public function validateAuth()
>> {
>> return $GLOBALS['registry']->getAuthCredential('sessionid') == 'xyz'
>> }
>>
>
> Login works but I get an "Invalid Token!" error.
Where? When? How?
--
Jan Schneider
The Horde Project
http://www.horde.org/
More information about the dev
mailing list