Recently on a project I had to make changes to an underlying portion of the site's architecture to move sessions in Zend Framework from file storage to database storage. However, this affected a piece of the architecture: Node.js, which manages all our real-time interaction, looked at sessions at the file level. This was quite an easy transition for the function, as it was abstracted away in a function call, so the theory was to just replace the function “guts” with a new component. For setting up Node.js authentication with Zend Framework, please check out this article: http://anthonyw.net/?p=269.
The original function:
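    var fs = require('fs');

    // Authorize by looking for the PHP session file on disk.
    function authorizePHPSession(phpSessionId, cb) {
        try {
            fs.readFile('/path/to/sessions/sess_' + phpSessionId, 'utf8', function(err, data) {
                if (err) {
                    // Missing or unreadable session file: deny. A throw here would not
                    // be caught by the outer try/catch, because this callback runs later.
                    cb(null, false);
                    return;
                }
                if (data.search(phpSessionId.toString()) > -1) {
                    cb(null, true);
                } else {
                    cb(null, false);
                }
            });
        } catch (e) {
            cb(null, false);
        }
    }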
Here is the new code:
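    // dbClient and getPHPSessionId are defined elsewhere in the application.
    function authorizePHPSession(data, cb) {
        var phpSessionId = getPHPSessionId(data.headers.cookie);
        if (!phpSessionId) {
            // No session cookie in the request: deny without querying.
            cb(null, false);
            return;
        }
        dbClient.connect();
        dbClient.query(
            // The session id is bound as a parameter; the LIKE pattern looks for the
            // serialized Zend_Auth namespace inside the session data.
            "SELECT * FROM `Sessions` WHERE data LIKE '%Zend_Auth|a:1:{s:7:\"storage\";s:%:\"%\";}%' AND `id` = ?",
            [phpSessionId],
            function(error, rows, fields) {
                if (error) {
                    console.log('Error: ' + error);
                    cb(null, false);
                } else {
                    if (rows.length === 1) {
                        data.phpSessionId = phpSessionId.toString();
                        cb(null, true);
                    } else {
                        cb(null, false);
                    }
                }
            });
        dbClient.end();
    }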
This authorization check now accesses the Sessions table set up via Zend Framework. For more information on moving sessions from the file level to the database level, please check out this article: http://dionysus.uraganov.net/frameworks/zend-framework-storing-session-in-database/. The check makes two assumptions. First, there is an “id” field in your table schema that matches the string in your headers/cookies. Second, the string it matches against the database entries: the web application uses the default Zend_Auth namespace, so if that namespace has been customized, the string will vary accordingly.
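The LIKE pattern above matches the Zend_Auth marker anywhere in the `data` column. As an added example (not the post's code, with hypothetical function names), the same test can be applied in Node.js to a row's `data` value so that it only accepts Zend_Auth as a top-level session entry. It assumes PHP's default `php` session serializer and denies on anything it cannot parse.

```javascript
// Added example, not the post's code. Function names are hypothetical.
// Assumes PHP's default "php" session serializer: name|value name|value ...
function readCount(buf, from) {               // decimal digits up to the next ':'
  var colon = buf.indexOf(':', from);
  var digits = colon === -1 ? '' : buf.toString('latin1', from, colon);
  if (!/^\d+$/.test(digits)) throw new Error('bad length');
  return { n: Number(digits), next: colon + 1 };
}

// Return the offset just past the serialized PHP value starting at pos.
function skipValue(buf, pos) {
  var type = String.fromCharCode(buf[pos]);
  if (type === 'N') return pos + 2;                          // N;
  if ('bid'.indexOf(type) !== -1) {                          // b:1; i:5; d:0.5;
    var semi = buf.indexOf(';', pos);
    if (semi === -1) throw new Error('truncated scalar');
    return semi + 1;
  }
  var c = readCount(buf, pos + 2);
  if (type === 's') {                                        // s:n:"<n bytes>";
    if (buf[c.next + c.n + 2] !== 0x3b) throw new Error('bad string');
    return c.next + c.n + 3;
  }
  if (type === 'O') c = readCount(buf, c.next + c.n + 3);    // O:n:"Class":m:{
  else if (type !== 'a') throw new Error('unsupported type');
  var p = c.next + 1;                                        // first byte after '{'
  for (var i = 0; i < 2 * c.n; i++) p = skipValue(buf, p);   // keys and values
  if (buf[p] !== 0x7d) throw new Error('expected }');
  return p + 1;
}

// True only if Zend_Auth is a top-level session entry holding a string identity.
function hasZendAuthStorage(data) {
  try {
    var buf = Buffer.from(data, 'utf8'), pos = 0;
    while (pos < buf.length) {
      var bar = buf.indexOf('|', pos);
      if (bar === -1) throw new Error('missing |');
      var end = skipValue(buf, bar + 1);
      if (buf.toString('utf8', pos, bar) === 'Zend_Auth') {
        return /^a:1:\{s:7:"storage";s:\d+:"[\s\S]*";\}$/.test(buf.toString('utf8', bar + 1, end));
      }
      pos = end;
    }
    return false;
  } catch (e) { return false; }   // malformed or unsupported data: deny
}

// Constructed sample rows (not real session data).
var SAMPLE_AUTHED = '__ZF|a:0:{}Zend_Auth|a:1:{s:7:"storage";s:5:"alice";}';
var SAMPLE_ANON = '__ZF|a:0:{}';
```

References (`r:`/`R:`) and custom-serialized objects (`C:`) are not handled, so a session containing them is denied rather than guessed at.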
