newhck / php-form-builder-class

Automatically exported from code.google.com/p/php-form-builder-class
GNU General Public License v3.0

sessions: Zend session lost. session_start culprit? #135

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. In a Zend-based application, create a session. 
2. Use a PFBC-based form. It includes code that creates a session via 
session_start();. As per 
http://framework.zend.com/manual/en/zend.session.advanced_usage.html, this is 
not recommended, and indeed fails to protect the session data.
3. What is the suggested solution to this? 

What is the expected output? What do you see instead?
Expected output is the session coming up with the information in it. 
session_start(); apparently removes previous data.

What version of the product are you using? On what operating system?
PFBC version 1.4, but I expect it to happen everywhere there is a 
session_start();

Please provide any additional information below.
Example behaviour: I used Zend_Acl to authenticate. Once logged in, it shows 
the form OK. But when activating any action, it prompts back to the login 
screen, logging you out. I assume, losing the session info.

Original issue reported on code.google.com by xmaria...@gmail.com on 23 May 2011 at 7:03

GoogleCodeExporter commented 8 years ago
I am having the same issue with my own session class.

Whenever I have my own session, e.g. for a user login, and submit a PFBC-based 
form, my original data in sessions gets cleared and my user is logged out. 

When I put print_r($_SESSION) near the bottom of the page of the form and then 
enter the page, I can see all of my own session data active. 

Once I hit submit on the PFBC-based form, my own session data disappears. 

Original comment by onj...@softwareology.com on 12 Oct 2011 at 3:39

GoogleCodeExporter commented 8 years ago
OK, I have made some headway.

PFBC loses my session data if my session variables are stored in an array in 
the session, such that

$_SESSION['username'] = 'John' is not lost
but $_SESSION['userdata']['username'] = 'John' is not lost

Original comment by onj...@softwareology.com on 12 Oct 2011 at 4:12

GoogleCodeExporter commented 8 years ago
Hey Guys,

Just to verify, you're both using version 1.1.4 of this project?  Please let me 
know as this will help me determine where the issue is.

- Andrew

Original comment by ajporterfield@gmail.com on 12 Oct 2011 at 1:22

GoogleCodeExporter commented 8 years ago
This happens to me in 1.1.4, haven't tested on 2.x yet.
Are sessions handled differently on 2.x?

I also would appreciate an explanation on how PFBC handles sessions, thank you.

Original comment by xmaria...@gmail.com on 17 Oct 2011 at 10:08

GoogleCodeExporter commented 8 years ago
To answer your question, "yes" - sessions are handled differently in version 
2.x.  In the 1.x branch, sessions are used to load a form's css/js files 
dynamically.  This was done originally for XHTML strict compliance; however, it 
causes problems when the PFBC project is used within a framework that has 
session management baked in - such as Zend.  I would highly recommend giving 
2.x a try.  Sessions are still leveraged for validation, but I think you'll 
find that it plays nicely with your system.

Good luck,
Andrew

Original comment by ajporterfield@gmail.com on 17 Oct 2011 at 1:29

GoogleCodeExporter commented 8 years ago
I was having the issue on 2.X with PHP 5.3.

Let me ask you, after validating the form, what action should happen next?
Must one redirect the form?
Is there a session clearing method to call?

My sessions that are arrays are being lost when I move between pages.
I would love to see more examples to ensure I'm not doing anything wrong to 
cause my session arrays to be lost when I do my own session management.

Thanks!

Original comment by onj...@softwareology.com on 18 Oct 2011 at 1:27

GoogleCodeExporter commented 8 years ago
All the examples included in the project's download zip demonstrate how to 
handle form validation.  After the form is submitted, you use the isValid 
method to determine if there are validation errors within the form's submitted 
data.  If so, all you need to do is redirect back to the form and the errors 
will automatically be displayed to your users.  If the form doesn't contain 
validation errors, you can continue with any required processing of the data 
(add/update/delete a database record, build and send an email, etc).

if(PFBC\Form::isValid("<form_id>")) {
    header("Location: <url_back_to_form>");
    exit();
}
else {
    //Continue w/Further Processing
}

Are you starting a session on each page that you're moving between?

Original comment by ajporterfield@gmail.com on 18 Oct 2011 at 5:28

GoogleCodeExporter commented 8 years ago
If I understand correctly, the following line:
if(PFBC\Form::isValid("<form_id>")) { 

is true and applicable only when there is an error?
And the else clause is for when the form DOESN'T contain errors?

Original comment by onj...@softwareology.com on 19 Oct 2011 at 1:38

GoogleCodeExporter commented 8 years ago
By the way, thank you for your help. :)

Original comment by onj...@softwareology.com on 19 Oct 2011 at 1:40

GoogleCodeExporter commented 8 years ago
Sorry, the code snippet I provided isn't correct - as you've pointed out.  The 
isValid method returns true when no errors are found.  So, the code snippet 
should be...

if(PFBC\Form::isValid("<form_id>")) {
    //Continue w/Further Processing
}
else {
    header("Location: <url_back_to_form>");
    exit();
}

Original comment by ajporterfield@gmail.com on 19 Oct 2011 at 1:51
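
An added example, not part of the original thread and not PFBC's code: one way form code can share a session with a host application (such as a Zend-based one) is to start a session only when none is active and to keep its own data under a single namespaced key, so nested arrays like $_SESSION['userdata'] are never touched. The function names and the FORM_NS key are hypothetical; the sample session contents are constructed.

```php
<?php
// Added illustration; not PFBC code. ensureSession, recordErrors, takeErrors
// and FORM_NS are hypothetical names. Requires PHP 7.1+ for the type hints.

const FORM_NS = '__form_example';   // the only top-level key the form code owns

// Start a session only when the host application has not already done so,
// so the framework's session name, save handler and cookie settings apply.
function ensureSession(): void
{
    if (session_status() === PHP_SESSION_NONE) {   // session_status(): PHP >= 5.4
        session_start();
    }
}

// Store validation errors for one form under the namespaced key only.
function recordErrors(array &$session, string $formId, array $errors): void
{
    $session[FORM_NS][$formId]['errors'] = $errors;
}

// Read and clear the errors for one form; every other key is left untouched.
function takeErrors(array &$session, string $formId): array
{
    $errors = $session[FORM_NS][$formId]['errors'] ?? [];
    unset($session[FORM_NS][$formId]);
    return $errors;
}

// In a web request the calls would be:
//   ensureSession();
//   recordErrors($_SESSION, 'login', $errors);   // then redirect back to the form
// Below, a plain array stands in for $_SESSION so the script runs from the CLI.

// Constructed sample: a host app's login data stored as a nested array.
$session = ['userdata' => ['username' => 'John']];

recordErrors($session, 'login', ['Email is required']);
$shown = takeErrors($session, 'login');   // errors displayed after the redirect

var_dump($shown === ['Email is required']);             // errors came back intact
var_dump($session['userdata']['username'] === 'John');  // host data survived
var_dump(!isset($session[FORM_NS]['login']));           // form entry was cleared
```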