Zend Framework Authentication

Zend Framework is an open source, object-oriented web application framework implemented in PHP 5.
Today Zend Framework is the most popular framework for modern, high-performing PHP applications.

Zend provides developers with a lot of infrastructure for ongoing server tasks, such as Authentication, Access-List, Controllers, Modules, Plugins and many more.
Put together, this infrastructure makes Zend Framework a highly versatile framework.

Authentication in Zend Framework

Authentication is the process of verifying that the provided credentials are valid for the system. By authenticating in your system, your users can identify themselves.

For managing and authenticating users in Zend Framework, we have the Zend_Auth class with various authentication methods.

Zend_Auth is very scalable and has many different authentication methods such as: Database table, Digest, HTTP, LDAP, and OpenID authentication.
Zend_Auth provides an API for authentication and includes concrete authentication adapters for common use case scenarios. It is also very easy to extend Zend_Auth and write your own authentication adapters.

Many developers may try to use Zend_Auth for authorization as well, but Zend_Auth should only be used for authentication.
For authorization, please use Zend_Acl.
You can read more about it in our Zend Authorization and Access List blog.


There are 2 important stages in authenticating users.
1. Validating credentials.
2. Storing/Generating the session.


For the validation process we shall use the Zend_Auth_Adapter_Interface.
The Zend_Auth_Adapter_Interface defines one important method, authenticate(), which every adapter class that implements the interface must define in order to perform the authentication query.
The authenticate() method returns a Zend_Auth_Result, whose return codes let you perform more specific operations.

For examples and documentation click here.


Authenticating a request that includes authentication credentials is vital, but it is also necessary to maintain the authenticated identity without having to re-authenticate on each subsequent request to the server.
HTTP is a stateless protocol; however, techniques such as cookies and sessions have been developed to maintain state across multiple requests in server-side web applications.
By default, Zend_Auth provides persistent storage of the identity using the PHP session. Upon successful authentication, Zend_Auth::authenticate() stores the identity in the session through the Zend_Auth_Storage_Session class.
In order to customize the Zend_Auth storage, you may use an object that implements Zend_Auth_Storage_Interface.
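
The two stages described above, validating credentials and then storing the identity in the session, shown as an added example (not code from the original article or from Zend). Example_Auth_Adapter, the in-memory user array and the sample password are hypothetical and constructed for illustration; the use of password_hash()/password_verify() assumes PHP 5.5 or later.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Auth.php';
require_once 'Zend/Auth/Adapter/Interface.php';
require_once 'Zend/Auth/Result.php';
require_once 'Zend/Session.php';

// Hypothetical adapter: checks a username/password pair against an array of
// password_hash() values. A real adapter would query your user store.
class Example_Auth_Adapter implements Zend_Auth_Adapter_Interface
{
    private $_users, $_username, $_password;

    public function __construct(array $users, $username, $password)
    {
        $this->_users    = $users;
        $this->_username = (string) $username;
        $this->_password = (string) $password;
    }

    public function authenticate()
    {
        if (!isset($this->_users[$this->_username])) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, null, array('Unknown identity'));
        }
        if (!password_verify($this->_password, $this->_users[$this->_username])) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, array('Invalid credential'));
        }
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_username);
    }
}

// Constructed sample data, not a real account.
$users = array('alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT));

$auth   = Zend_Auth::getInstance();   // default storage: Zend_Auth_Storage_Session
$result = $auth->authenticate(new Example_Auth_Adapter($users, 'alice', 'constructed-sample-password'));

if ($result->isValid()) {
    Zend_Session::regenerateId();     // new session ID after login, against session fixation
    echo 'Logged in as ', $auth->getIdentity(), PHP_EOL;
} else {
    // Log the specific result code, but show one generic message so the
    // response does not reveal whether the username exists.
    error_log('Auth failure code ' . $result->getCode());
    echo 'Invalid username or password', PHP_EOL;
}
```

On later requests, Zend_Auth::getInstance()->hasIdentity() reports whether the session still holds an identity, and clearIdentity() removes it at logout.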

For code samples and tutorials click here.