The Master Zend Framework continues its series about using sessions in Zend Framework 2 applications. In part two of the series he focuses on validators and some of the backend storage options the framework makes possible.
In last week’s tutorial we covered the basics of sessions in Zend Framework 2, looking at how to implement them by making changes to module/Application/Module.php so that they’re available application-wide then how to both set and retrieve information in the session. In this week’s tutorial, we’re going to take last week’s post further, by looking at session validation as well as different backends. These two things will help protect your session data from session hijacking, as well as help you scale your application, by storing the information using a more universal backend, which a filesystem most often times will never be.
He starts off with a bit of background about the structure of an average session in the framework is like, broken out into sections via the "Container" object. Then he starts in on the validators and describes a two of the built-in methods: "HttpUserAgent" and "RemoteAddr". A few code examples are included before he moves on to the backend options (like Cache, DbTable and MongoDB) using a "StorageFactory" object in the configuration.