Zend Session Best Practice: Use Zend Auth Namespace for other data?

Question

I am trying to work out the best configuration for my Zend Session Namespaces.

I have two categories of data that I need to track in a user's session. The first is confidental data related to the user. When the user logs out, the information should be removed from the session.

The second category of data contains non-confidential information related to the usage patterns of the particular user agent. It should persist once the user logs out.

I am using Zend_Auth, and so have an Auth namespace in the session. I think that I should persist the other user-related data in this session. (I presume that Zend_Auth::getInstance()->clearIdentity() will destroy the entire namespace).

Furthermore, I think I need a second namespace for storing the UA-related info, one that will not be destroyed on logout.

Does this sound reasonable? I'd be keen to hear from anyone who has experience using the Auth namespace to store additional info.

Thanks!

Answer 1

After experimenting with this I found that it was safer to leave Zend Auth's session namespace alone. Instead, I have set up an alternative namespace in the session for all data that should be removed on logout, and I am using namespaceUnset to kill it.

Answer 2

It sounds alright. I do not see why not. I personally use Zend_Session_Namespace all the time when I deal with cases with yours. I do not think you need to clear the session, it is on the server and it will get dumped anyways. Whenever you want to clear identity is one thing, this way the user will be logged out, but whatever else you are storing, you do not need to clear.