Correct way to instantiate Zend_Session_Namespace and Config

Question

I have been working for a month or so on a new web app. I have a developer working on a lot of the backend stuff while I do all the front end coding and some of the backend. The application is using the Zend Framework. I am now going through and vetting his code as I find a lot of his choices to be not optimal. A few key things I have noticed is that he instantiates the session object in a lot of controllers

$session     = new Zend_Session_Namespace('crSession');

This occurs in a variety of methods across a few different controllers. Is this good practice? Should it not just be required once? There is a simple user auth system with no levels or anything.

Secondly he is grabbing the config file in tons of places as well. Sometimes like so:

$config    = Zend_Registry::get('config');

or this

$config  = new Zend_Config_Ini(APPLICATION_PATH.'/configs/application.ini', 'production');

This boggles my mind because if we want to change this or change to development we have to change 10 files. Is there any scenario where the above instantiations happening within multiple methods both on controllers and models would be necessary?

Thanks for your help.

Answer 1

I see nothing wrong with the way the sessions are being instantiated in controllers using Zend_Session_Namespace. If your application doesn't start a session in bootstrap, then one can be started anywhere else in the application by creating a new Zend_Session_Namespace.

There is additional overhead incurred when starting a new Zend_Session (much more than just session_start() is called), so if every page of your application doesn't have the need for an active session, you can consider avoiding starting a session globally in the bootstrap or a plugin. In this case, starting a session from the controller as he is doing is fine so I would say that is not bad practice.

If a session is started at the bootstrap level but there is the need to isolate certain session data from other data or because it needs to expire at a certain time or only be available for so many hops, then it is also fine to use Zend_Session_Namespace in individual controllers.

In regards to getting the config, I see no problem with using

$config = Zend_Registry::get('config');

throughout the application. I'd guess in the bootstrap that the config file gets parsed into an object or array and is then put in the registry for global access. Assuming the bootstrap loaded the config using the correct configuration (production, development), then this is probably the easiest way to make your config available to any other part of your application.

I do, however, agree that the second method you pointed out (re-parsing the config using the full path and hardcoded production value) is probably not good. In my opinion, all of those instances should be replaced with the former piece of code (unless there was a specific reason he needed a particular value from the production configuration regardless of how the application was currently running).