[dev] Authentication session data cleaned by Kronolith
SSRI
ssri_abo at u-paris2.fr
Tue Jun 25 09:42:37 UTC 2013
>>> Again: you must not write directly to $_SESSION. This is how it
>>> works correctly:
>>>
>>> In __construct(), write away the information you receive from your
>>> custom authentication backend, and what else you want to store in
>>> the session:
>>>
>>> public function __construct(array $params = array())
>>> {
>>> parent::__construct($params);
>>> $this->_credentials['userId'] = 'username';
>>> $this->_credentials['credentials'] = array(
>>> 'password' => 'password',
>>> 'transparent' => true,
>>> 'arbitrary_stuff' => 'xyz',
>>> );
>>> }
>>>
>>> Implement transparent() or _authenticate() at your will. Then, in
>>> validateAuth():
>>>
>>> public function validateAuth()
>>> {
>>> return $GLOBALS['registry']->getAuthCredential('sessionid') == 'xyz'
>>> }
>>>
>>
>> Login works but I get an "Invalid Token!" error.
>
> Where? When? How?
After kronolith, nag, mnemo have gone through validateAuth, here's the logs :
...
2013-06-25T10:46:10+02:00 DEBUG: HORDE [mnemo] Horde_Prefs: Storing
preference value (display_notepads) [pid 8184 on line 557 of
"/usr/share/horde/mnemo/lib/Mnemo.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] validateAuth x.x.x.x
[26qm7v8llj4tjl858safqrpsh5][] [pid 8184 on line 265 of
"/usr/share/horde/pear/php/Horde/Auth/Driver.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] Invalid token! [pid
8184 on line 27 of
"/usr/share/horde/pear/php/Horde/Core/Notification/Handler/Decorator/Hordelog.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] validateAuth x.x.x.x
[26qm7v8llj4tjl858safqrpsh5][] [pid 8184 on line 265 of
"/usr/share/horde/pear/php/Horde/Auth/Driver.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] Max memory usage:
7077888 bytes [pid 8184 on line 559 of
"/usr/share/horde/pear/php/Horde/Registry.php"
...
Disabling validateAuth makes "Invalid token!" disappear.
More information about the dev
mailing list