Search code examples
zend-frameworkzend-sessionlibmemcached

Zend_Session_SaveHandler_Interface and a session_id mysterie


I'm trying to setup my own Zend_Session_SaveHandler based on this code http://blog.digitalstruct.com/2010/10/24/zend-framework-cache-backend-libmemcached-session-cache/

This works great, except that my session_id behave mysteriously. I'm using the Zend_Session_SaveHandler_Cache class as you can find it in the blog above (except that I parked it in my own library, so it's name now starts with My_).

In my bootstrap I have:

protected function _initSession()
{            
    $session = $this->getPluginResource('session');
    $session->init();    
    Zend_Session::getSaveHandler()->setCache( $this->_manager->getCache( 'memcached' ) );
}

To get my session going based on this code in my .ini file

resources.cachemanager.memcached.frontend.name                            = Core
resources.cachemanager.memcached.frontend.options.automatic_serialization = On
resources.cachemanager.memcached.backend.name                             = Libmemcached
resources.cachemanager.memcached.backend.options.servers.one.host         = localhost
resources.cachemanager.memcached.backend.options.servers.one.port         = 11213

So far so good. Until somebody tries to login and Zend_Session::rememberMe() is called. In the comments of Zend_Session one can read

normally "rememberMe()" represents a security context change, so should use new session id

This of course is very true, and a new session id is generated. The users Zend_Auth data, after a successful log in, is written into this new session. I can see this because I added some logging functionality to the original class from the blog.

And here is where things go wrong. This new id isn't passed on the Zend_Session apparently, because Zend_Session keeps on reading the old id's session data. In other words, the one without the Zend_Auth instance. Hence, the user can no longer log in.

So the question is, how to make my saveHandler work with the new id after the regeneration? Cheers for any help.


Solution

  • Ok, I'm blushing here.... I was looking at the wrong place to find this error. My session saveHandler was working just fine (so I can recommend Mike Willbanks his work if you want libmemcached session management).

    What did go wrong then? Well, besides switching from file to libmemcached, I also switched from setting up my session in bootstrap to setting it up in my application.ini. So, instead of putting lines like

    session.cookie_domain = mydomain.com
    

    in my application.ini (which were then used in bootstrap as options to setup my session), I now, properly, wrote

    resources.session.cookie_domain = mydomain.com
    

    And this is were things went wrong, because.... I only changed those lines for production, I forgot to change them further down the ini file. In other words, my development env. got the cookie_domain of my production env., which is wrong as I use an other domain name during devolepment. So, on every page load, my cookie was invalidaded and a new session started. Mysterie solved...