Separate Zend Application for control panel?

Question

Shall I create a separate Zend Application for the user backend of a web application?

My main concern is that I have to have a separate Zend_Auth on both the public website (for clients to login) and for employees to manage the site.

Since it appears to me that I can't use multiple Zend_Auth instances in one application this would be the only solution.

The next concern would be that the two Zend_Auth sessions will collide since they run on the same webspace?

Cheers

Answer 1

Actually, Benjamin Cremer's solution won't work, because Zend_Auth_Admin extends a Singleton implementation, so its getInstance() would yield a Zend_Auth instance, not a Zend_Auth_Admin one.

I myself was confronted with this situation, and seeing that the ZF people (at least in ZF1) see authetication as a single entry-point in an application (they could've made it so that Zend_Auth could contain multiple instances, using LSB in php etc.), made a minor modification to Benjamin Cremer's code - you must also override the getInstance():

<?php

class AdminAuth extends Zend_Auth
{
    /**
     * @var AdminAuth
     */
    static protected $_adminInstance;

    /**
     * @return Zend_Auth_Storage_Interface
     */
    public function getStorage()
    {
        if (null === $this->_storage) {
            $this->setStorage(new Zend_Auth_Storage_Session('Zend_Auth_Admin'));
        }
        return $this->_storage;
    }

    /**
     * Singleton pattern implementation.
     *
     * @return AdminAuth
     */
    public static function getInstance()
    {
        if (null === self::$_adminInstance) {
            self::$_adminInstance = new self();
        }
        return self::$_adminInstance;
    }    
}

Answer 2

Zend_Auth implements the Singleton Pattern so there can only exist one instance of this class.

To distinguish whether the current identity is an admin or an user you could use an isAdmin-Flag, or even better implement the Zend_Acl_Role_Interface.

If it is really required by your application to have two Auth-Sessions at the same time (one for a User, on for an Admin) you could 'copy' the Zend_Auth class by extending it and adjust the session storage.

<?php
class Zend_Auth_Admin extends Zend_Auth
{
    /**
     * Returns the persistent storage handler
     *
     * Session storage is used by default unless a different storage adapter has been set.
     *
     * @return Zend_Auth_Storage_Interface
     */
    public function getStorage()
    {
        if (null === $this->_storage) {
            $namespace = 'Zend_Auth_Admin'; // default is 'Zend_Auth'
            /**
             * @see Zend_Auth_Storage_Session
             */
            require_once 'Zend/Auth/Storage/Session.php';
            $this->setStorage(new Zend_Auth_Storage_Session($namespace));
        }

        return $this->_storage;
    }
}

So you can use two distinct Auth objects for your Session handling

Zend_Auth::getInstance(); // instance for users
Zend_Auth_Admin::getInstance(); //  instance for admins