ZF2 Set Zend\AuthenticationService to use second session or cookie based on url or module

I have set up two user account modules - administrator and customer. My current set-up means if you log into administrator my app thinks you're logged in as a customer also. The solution I've decided upon is to create a session where the cookie path is based on the administrator url, i.e. set the cookie_path as /administrator.

In my administrator Module.php onBootstrap function I have included:

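// Requires at the top of Module.php:
//   use Zend\Session\Config\SessionConfig;
//   use Zend\Session\SessionManager;
//   use Zend\Session\Container;
$sessionConfig = new SessionConfig();
// Restrict the session cookie to URLs under /administrator
$sessionConfig->setOptions(['cookie_path' => '/administrator']);
$sessionManager = new SessionManager($sessionConfig, null, null);
Container::setDefaultManager($sessionManager);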

which sets the cookie path, but this affects the entire application; i.e. the rest of the site is cookie free because the urls do not begin with /administrator.

How do I set up my application so that the cookie_path for my administrator module is different to the rest of the application?

[edit]

What I am after is two cookies - one for admin path, and one for the rest of the application.

[edit]

I am using Zend\Authentication\AuthenticationService for ACL. What I am trying to achieve is for a user to log into the customer section of the website and do stuff, and then log into the admin panel to do stuff.

As an example, Magento will set one cookie when dealing with customer account log in, then another cookie when dealing with admin account log in.

How do I set up Zend\Authentication\AuthenticationService to use a second session or cookie based on url / module?

Deductive answered 29/9, 2016 at 14:0 Comment(4)
I suppose admins & customers log in using the same controller/action and same AuthenticationService? - Brothers
Different controllers, but the same AuthService. All of my admin controllers extend an abstract controller, so I have tried to set up a new Session, SessionConfig, SessionManager for the AuthService to use. Didn't work - seemed to completely ignore the new session. - Deductive
Have you looked at an ACL layer? You only need to authenticate a user once and ACL would control where that user can go. Set roles for your users and limit the access via roles to your controllers/methods. You can set an MVC listener to check if the user should have access to an area; also the ACL will integrate in Zend navigation and you can filter your menu too. Check out my modules at github.com/uthando-cms for working examples of this; there I have an admin, user and navigation module to see how I did it. - Plaice
I've already set up ACL and Nav and it works as expected. I want to set up a separate ACL for admin and front-end otherwise admin will need to log in as admin to do something, then log into customer to do something then log into admin to do something, then... I want to be able to log into customer once and admin once and be able to access both as the respective user. - Deductive

To set a new namespace on the authentication service, do the following:

$auth = $e->getApplication()->getServiceManager()->get('Zend\Authentication\AuthenticationService');
$auth->setStorage(new \Zend\Authentication\Storage\Session($_namespace));

In my question I wanted to create a disparate session for my admin area. In my abstract controller (where I am checking the $auth details against my acl set-up) I have:

$params = $e->getRouteMatch()->getParams();

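/** @var \Zend\Authentication\AuthenticationService $auth */
$auth = $e->getApplication()->getServiceManager()->get('Zend\Authentication\AuthenticationService');
// Top-level module name of the matched route, e.g. "Administrator"; empty if the route sets none
$routeNamespace = isset($params['__NAMESPACE__']) ? $params['__NAMESPACE__'] : '';
$_namespace = current(explode('\\', $routeNamespace));
// Most generic session namespace.
if(in_array($_namespace, ['Customer', 'Application', null])) {
    $_namespace = 'Zend_Auth';
}
// Every other module gets its own auth storage namespace inside the same session
$auth->setStorage(new \Zend\Authentication\Storage\Session($_namespace));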

This does not create a second cookie, but it does mean I can go to domain.dev/account (customer section) and be able to log in independently of domain.dev/administrator (admin section) which is ultimately what I was attempting to do.

Deductive answered 5/12, 2016 at 16:37 Comment(0)
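
An added example, not the poster's code: the same namespace selection done once in a route listener in Module.php instead of in the abstract controller, using an explicit map so that the route's namespace string is never passed straight through as the storage namespace. The `Administrator` module name and the `Auth_Administrator` storage namespace are assumptions.

```php
<?php
// Added example. The module name "Administrator" and the storage namespace
// "Auth_Administrator" are hypothetical names chosen for illustration.
namespace Administrator;

use Zend\Authentication\Storage\Session as AuthSessionStorage;
use Zend\Mvc\MvcEvent;

class Module
{
    // Allow-list: top-level module namespace => auth storage namespace.
    // Modules not listed here share the default front-end namespace.
    private static $authNamespaces = ['Administrator' => 'Auth_Administrator'];
    private static $defaultAuthNamespace = 'Zend_Auth';

    public function onBootstrap(MvcEvent $e)
    {
        // onBootstrap runs for every request, whichever module handles it.
        // Negative priority: run after the router has set the RouteMatch.
        $e->getApplication()->getEventManager()->attach(
            MvcEvent::EVENT_ROUTE,
            [$this, 'selectAuthStorage'],
            -100
        );
    }

    public function selectAuthStorage(MvcEvent $e)
    {
        $match   = $e->getRouteMatch(); // null when no route matched
        $routeNs = $match ? (string) $match->getParam('__NAMESPACE__', '') : '';
        $module  = current(explode('\\', $routeNs));
        // Unknown or missing module names fall back to the default namespace
        $storageNs = isset(self::$authNamespaces[$module])
            ? self::$authNamespaces[$module]
            : self::$defaultAuthNamespace;

        $auth = $e->getApplication()->getServiceManager()
            ->get('Zend\Authentication\AuthenticationService');
        $auth->setStorage(new AuthSessionStorage($storageNs));
    }
}
```

Both namespaces still live in one PHP session behind one cookie, so `$auth->clearIdentity()` logs out only the current area, while destroying the session logs out both.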
