Zend_Session coupled with Zend_Auth throws an exception in ZF >1.0.3

hello,

I have the following code in my bootstrap (it's a htaccess prepend file)

      //Zend_Loader
      require_once ('Zend/Loader.php');

      //Init
      Zend_Loader::registerAutoload ();

      Zend_Session::start ();

      $authInstance = Zend_Auth::getInstance();
     
      $d = $authInstance->hasIdentity(); // <- this line sucks
     

I'm using ZF 1.5.2 snapshot 20080519-9472

With this code I get an exception

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'The session was explicitly destroyed during this request, attempting to re-start is not allowed.' in /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session.php:364 Stack trace: #0 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session/Namespace.php(116): Zend_Session::start(true) #1 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth/Storage/Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth') #2 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth.php(91): Zend_Auth_Storage_Session->__construct() #3 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth.php(133): Zend_Auth->getStorage() #4 /home/webdev/webstage/devintra/ssl/zfweb/prepend.php(81): Zend_Auth->hasIdentity() #5 {main} thrown in /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session.php on line 364

SO i've searched and found this difference in Zend/Session.php, (function start) between 1.5.2 and 1.0.3:

1.0.3:

if (self::$_sessionStarted) {
            return; // already started
}

1.5.2:

if (self::$_sessionStarted && self::$_destroyed) {
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
}
if (self::$_sessionStarted) {
            return; // already started
}

When I comment the 4 fisrt lines it works like a charm.

I used this little code to switch between the framework snapshot and the old 1.0.3 version of the framework:

if ($_SERVER['REMOTE_ADDR']== '<my ip address>') {
        //test the development framework snapshot
        define ('ZEND_FRAMEWORK_DIR','/<my path>/frameworkSnapshot/library');
}else {
        // dev PATH TO ZEND FRAMEWORK (version 1.5.2 last snapshot)
        define ('ZEND_FRAMEWORK_DIR','/<my path>/framework/library');
}

The problem is Zend_Auth calls getStorage() and creates a new instance of Zend_Auth_Storage_Session through $this->setStorage(new Zend_Auth_Storage_Session()); Then, a new Zend_Session_Namespace is created which starts the session again. Zend_Session::start(true);

What I don't understand:
the destroy function in Zend_Session is never called. I've put a die('blah'); at first line and it never shows up :-/

can someone help me please?

Psy

I've finally changed my bootstrap to this:

//Zend_Loader
require_once ('Zend/Loader.php');

//Init
Zend_Loader::registerAutoload ();

//Zend_Session::start (); <- removed
//Zend_Session::setOptions( array('strict'=>false) ); //added

$authInstance = Zend_Auth::getInstance();
     
$d = $authInstance->hasIdentity(); // the session will start here

Now I have still my exception :
'The session was explicitly destroyed during this request, attempting to re-start is not allowed.'

I think I've found a solution.
I've seen I'm using this code few time in my app:
$auth = Zend_Auth::getInstance();
//set the custom storage class to use
//$auth->setStorage(new My_Auth_Storage_CustomStorage());

We do not have to use this code more than one time if it is in the bootstrap.
I think there are some "side effects" I don't understand (currently) which are setting
self::$_destroyed of Zend_Session at something else than a boolean.

Example: I've created a My_View_Helper_LogoutElement (a disconnection view helper) and I had this part of code inside.
self::$_destroyed has been st to String: 'My_View_Helper_LogoutElement'.

I've seen another example where self::$_destroyed had been set to the value 'Object id #22' in a controller where I had this little part of code.
So I've modified the code in my app to Zend_Auth::getInstance()->getStorage() because the storage has been set in the bootstrap.

So, I'm not a pretty good developer, but it could be nice to add some code du Zend_Session, in the start function, at the beginning:
if (! is_bool(self::$_destroyed) && !empty(self::$_destroyed) ) {
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception('The session is set as destroyed with the value "'.self::$_destroyed.'" but has not been explicitly destroyed during this request.');
}
//the code below already exists, I've just added the '===true'        
if (self::$_sessionStarted && self::$_destroyed===true) {
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
}

Psyke

Psyke wrote:

hello,

I have the following code in my bootstrap (it's a htaccess prepend file)

      //Zend_Loader
      require_once ('Zend/Loader.php');

      //Init
      Zend_Loader::registerAutoload ();

      Zend_Session::start ();

      $authInstance = Zend_Auth::getInstance();
     
      $d = $authInstance->hasIdentity(); // <- this line sucks
     

I'm using ZF 1.5.2 snapshot 20080519-9472

With this code I get an exception

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'The session was explicitly destroyed during this request, attempting to re-start is not allowed.' in /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session.php:364 Stack trace: #0 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session/Namespace.php(116): Zend_Session::start(true) #1 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth/Storage/Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth') #2 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth.php(91): Zend_Auth_Storage_Session->__construct() #3 /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Auth.php(133): Zend_Auth->getStorage() #4 /home/webdev/webstage/devintra/ssl/zfweb/prepend.php(81): Zend_Auth->hasIdentity() #5 {main} thrown in /home/webdev/webstage/devintra/frameworkSnapshot/library/Zend/Session.php on line 364

SO i've searched and found this difference in Zend/Session.php, (function start) between 1.5.2 and 1.0.3:

1.0.3:

if (self::$_sessionStarted) {
            return; // already started
}

1.5.2:

if (self::$_sessionStarted && self::$_destroyed) {
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
}
if (self::$_sessionStarted) {
            return; // already started
}

When I comment the 4 fisrt lines it works like a charm.

I used this little code to switch between the framework snapshot and the old 1.0.3 version of the framework:

if ($_SERVER['REMOTE_ADDR']== '<my ip address>') {
        //test the development framework snapshot
        define ('ZEND_FRAMEWORK_DIR','/<my path>/frameworkSnapshot/library');
}else {
        // dev PATH TO ZEND FRAMEWORK (version 1.5.2 last snapshot)
        define ('ZEND_FRAMEWORK_DIR','/<my path>/framework/library');
}

The problem is Zend_Auth calls getStorage() and creates a new instance of Zend_Auth_Storage_Session through $this->setStorage(new Zend_Auth_Storage_Session()); Then, a new Zend_Session_Namespace is created which starts the session again. Zend_Session::start(true);

What I don't understand:
the destroy function in Zend_Session is never called. I've put a die('blah'); at first line and it never shows up :-/

can someone help me please?

Psy