[Solar-talk] Solar_Auth possible bug and questions
Rodrigo Moraes
rodrigo.moraes at gmail.com
Thu Jul 13 06:49:38 PDT 2006
Three Solar_Auth topics in this e-mail:

1. Session object destruction failed

This error may be rare:
Warning: session_regenerate_id() [function.session-regenerate-id]:
Session object destruction failed in ...\Solar\Auth.php on line 421
(PHP 5.1.2, Windows XP)
Line 421 says:
// reset the session id and delete previous session
session_regenerate_id(true);
It happened to me after I re-submitted a login form hours after I had
logged in for the first time (I went away and then came back to work
after some hours, hit F5...). I guess this happens because
session_regenerate_id() *needs* a session to be destroyed, otherwise
it will cause a warning.

2. Problems trying to login using pt_BR locale

It took me a while to discover why I couldn't login / logout using the
pt_BR locale (and Solar_Auth_Adapter_Sql). With en_US and fr_FR it
worked fine. It is because 'SUBMIT_LOGIN' / 'SUBMIT_LOGOUT' must be
identical to the *global* locale, en_US, if you are using a locale
different from the default in your app (which was true for fr_FR, but
not for pt_BR). Is this expected behavior? In my app, the locale
was set to 'pt_BR', while the global locale was the default, 'en_US'.
The user locale should always be specified in a global manner, right?

3. Persistent login

Is there a plan to implement persistent login in Solar_Auth, or should
this be done on a per-project basis? I don't want users logged out
after the session expires and would like to implement a persistent login
using cookies and a hash check [1]. I hope this is not a bad idea
(I have just ordered php|architect's Guide to PHP Security).

regards,
rodrigo moraes / brazil
[1] http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice
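
For the persistent login asked about in topic 3, one way to do it per project, as an added example that is not part of the original e-mail and not Solar_Auth code. It assumes PHP 7.1+, an in-memory array standing in for a database table, and hypothetical class and method names; the cookie holds a random token, the server keeps only its hash, and each token works once.

```php
<?php
// Added example: persistent-login ("remember me") tokens. Not Solar_Auth code.
// Assumptions: PHP 7.1+, an array stands in for a DB table, names are hypothetical.
final class PersistentLoginStore
{
    /** @var array selector => ['user' => string, 'hash' => string, 'expires' => int] */
    private $rows = [];

    // Issue a token for $user; returns the cookie value "selector:validator".
    public function issue(string $user, int $ttl = 1209600, ?int $now = null): string
    {
        $now = $now ?? time();
        $selector  = bin2hex(random_bytes(9));   // lookup key, not a secret
        $validator = bin2hex(random_bytes(32));  // secret, exists only in the cookie
        $this->rows[$selector] = [
            'user'    => $user,
            'hash'    => hash('sha256', $validator), // a leaked table yields no usable cookies
            'expires' => $now + $ttl,
        ];
        return $selector . ':' . $validator;
    }

    // Check a cookie value. The stored token is consumed on every attempt;
    // on success a replacement is issued. Returns [user, newCookie] or null.
    public function redeem(string $cookie, ?int $now = null): ?array
    {
        $now = $now ?? time();
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->rows[$parts[0]])) {
            return null;
        }
        [$selector, $validator] = $parts;
        $row = $this->rows[$selector];
        unset($this->rows[$selector]);           // single use, even on mismatch
        if ($row['expires'] < $now) {
            return null;
        }
        // Constant-time comparison of the stored hash with the presented one.
        if (!hash_equals($row['hash'], hash('sha256', $validator))) {
            return null;
        }
        // Keep the original absolute expiry when rotating.
        return [$row['user'], $this->issue($row['user'], $row['expires'] - $now, $now)];
    }
}

// Constructed demo values: first use succeeds, replay fails, rotated token works.
$store  = new PersistentLoginStore();
$cookie = $store->issue('alice');
[$user, $next] = $store->redeem($cookie);
var_dump($user === 'alice', $store->redeem($cookie) === null, $store->redeem($next) !== null);
```

The returned value belongs in a cookie flagged Secure and HttpOnly, and a login restored this way should still call session_regenerate_id(true) as a normal login does.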