I'm working with Zend Framework 2, ZfcUser and BjyAuthorize. Logging in and access control works, but under certain circumstances users get logged out: When they try to navigate to a different page while an on the current page an AJAX call is still running.
In Chrome's Network window it shows the AJAX call as cancelled, followed by a call to the page you tried to navigate to, where the following code checks if you're logged in, finds that you're not ( $auth->hasIdentity() returns false ), and sends you to the login page.
$sm = $event->getApplication()->getServiceManager();
$auth = $sm->get('zfcuser_auth_service');
$routeParams = $event->getRouteMatch()->getParams();
// List of action non-authenticated users may access
$whitelist = array('login' => 1, 'register' => 1, 'forgotPassword' => 1, 'resetPassword' => 1);
$hasIdentity = $auth->hasIdentity();
if (!$hasIdentity && !array_key_exists($routeParams['action'], $whitelist) ) {
$targetUrl = $event->getRouter()->assemble(array(), array('name' => 'zfcuser/login', 'absolute' => true));
$response = $event->getResponse();
$response->getHeaders()->addHeaderLine('Location', $targetUrl);
$response->setStatusCode(302);
$response->sendHeaders();
}
Apparently the session just disappeared? I'm having some trouble figuring out how/where it is saved. ZfcUser\Authentication\Storage\Db is used, but that uses Storage\Session as storage, and right now I'm not sure anymore what class THAT is.
Anybody encountered something like that before, or has a suggestion where to check?