Description: ------------ When $this->_auth_obj->setAuthData() is called from within a custom Auth_Container class by a parent Auth_HTTP class the authData is stored under the session variable '_authsession' during authentication. After authentication the internal session variable is moved to '_authttp'.md5(realm) but the previously stored session data is not copied to the new session variable. Reproduce code: --------------- http://www.theduckets.com/auth_http_container_bug.tar.gz Expected result: ---------------- test1 and test2 were inserted into authData during authentication. they are no longer accessible. test1 = test data1 test2 = test data2 Adding test3 and test2 to the authData. Test3 and test4 are still accessible. test3 = test data3 test4 = test data4 Actual result: -------------- test1 and test2 were inserted into authData during authentication. they are no longer accessible. test1 = test2 = Adding test3 and test2 to the authData. Test3 and test4 are still accessible. test3 = test data3 test4 = test data4

You can workaround this by by inserting the follow line in Auth/HTTP.php at line 183 182:$this->Auth($storageDriver, $options); 183:$this->storage->_auth_obj->_sessionName =& $this->_sessionName; 184:}

there is a reason if "the internal session variable is moved to '_authttp'.md5(realm)". Without this add on and by using the Auth _authsession users successfully authenticated in one realm will gain access to every realm regardless of their name. This add-on solve the realm related bug. Now each realm is a separate protected area. In other words you can have 2 realms on your site admin -> only for administrators user -> for users a user successfully authenticated in the user realm will not have access to the admin realm. If we use the session provided by Auth, then users will have access to every realm. If you can be a bit more specific on what pratically can't be achieved with the current RC1 we would be happy to assist. I assume you are using RC1.

you bug test fails apparently http://dotgeek.org/sg/auth/bug.php result: test1 and test2 were inserted into authData during authentication. they are no longer accessible.>>> They are apparently test1 = test data1 test2 = test data2 Adding test3 and test2 to the authData. Test3 and test4 are still accessible. test3 = test data3 test4 = test data4

Thank you for taking the time to report a problem with the package.nUnfortunately you are not using a current version of the package -- nthe problem might already be fixed. Please download a newnversion from http://pear.php.net/packages.phpnnIf you are able to reproduce the bug with one of the latestnversions, please change the package version on this bug reportnto the version you tested and change the status back to "Open".nAgain, thank you for your continued support of PEAR. The user didn't reply to my 26 May message where I show that apparently the bug is bogus, so I assume all has been solved with an upgrade.

This problem also affects scripts that uses DB as container. None of my PHP applications that uses AUTH_HTTP works anymore after updating from Auth_HTTP 2.0 to 2.1.4. The data of the additional fields that I want returned from getAuthData is gone. After testing different CVS versions betveen release 2.0 and 2.1.4, the last CVS version that this worked was 1.13. In version 1.14, there was new code in assignData that changes the session name. Since DB uses $this->storage->_auth_obj->_sessionName to find the session name to store the data in, it looks like you have to do as the second comment describes: "Set $this->storage->_auth_obj->_sessionName" too.