[dev] Authentication session data cleaned by Kronolith

SSRI ssri_abo at u-paris2.fr
Tue Jun 25 09:42:37 UTC 2013


>>> Again: you must not write directly to $_SESSION. This is how it  
>>> works correctly:
>>>
>>> In __construct(), write away the information you receive from your  
>>> custom authentication backend, and what else you want to store in  
>>> the session:
>>>
>>>   public function __construct(array $params = array())
>>>   {
>>>       parent::__construct($params);
>>>       $this->_credentials['userId'] = 'username';
>>>       $this->_credentials['credentials'] = array(
>>>           'password' => 'password',
>>>           'transparent' => true,
>>>           'arbitrary_stuff' => 'xyz',
>>>       );
>>>   }
>>>
>>> Implement transparent() or _authenticate() at your will. Then, in  
>>> validateAuth():
>>>
>>>   public function validateAuth()
>>>   {
>>>       return $GLOBALS['registry']->getAuthCredential('sessionid') == 'xyz';
>>>   }
>>>
>>
>> Login works but I get an "Invalid Token!" error.
>
> Where? When? How?


After kronolith, nag, mnemo have gone through validateAuth, here are the logs:

...
2013-06-25T10:46:10+02:00 DEBUG: HORDE [mnemo] Horde_Prefs: Storing preference value (display_notepads) [pid 8184 on line 557 of "/usr/share/horde/mnemo/lib/Mnemo.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] validateAuth x.x.x.x [26qm7v8llj4tjl858safqrpsh5][] [pid 8184 on line 265 of "/usr/share/horde/pear/php/Horde/Auth/Driver.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] Invalid token! [pid 8184 on line 27 of "/usr/share/horde/pear/php/Horde/Core/Notification/Handler/Decorator/Hordelog.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] validateAuth x.x.x.x [26qm7v8llj4tjl858safqrpsh5][] [pid 8184 on line 265 of "/usr/share/horde/pear/php/Horde/Auth/Driver.php"]
2013-06-25T10:46:10+02:00 DEBUG: HORDE [horde] Max memory usage: 7077888 bytes [pid 8184 on line 559 of "/usr/share/horde/pear/php/Horde/Registry.php"
...


Disabling validateAuth makes "Invalid token!" disappear.

