See the most recently published version of this document. Also, the Zend Framework Auth team greatly appreciates your feedback and contributions on our email list: fw-auth@lists.zend.com

With web applications written using PHP, a session represents a logical, one-to-one connection between server-side, persistent state data and a particular user agent client (e.g. web browser). Zend_Session helps manage and preserve session data, a logical complement of cookie data, across multiple page requests by the same client. Unlike cookie data, session data is not stored on the client side, and it is only shared with the client when server-side source code voluntarily makes the data available via a response to a request from the client. For the purposes of this component and documentation, session data refers to the server-side data stored in $_SESSION[], managed by Zend_Session, and individually manipulated by Zend_Session_Namespace accessor objects. Session namespaces provide access to session data using classic namespaces implemented logically as named groups of associative arrays, keyed by strings (similar to normal PHP arrays).

Zend_Session_Namespace creates instances of accessor objects for namespaced slices of $_SESSION[]. The Zend_Session component wraps the existing PHP ext/session with an administration and management interface, as well as providing an API for Zend_Session_Namespace to persist session namespaces. Zend_Session_Namespace provides a standardized, object-oriented interface for working with namespaces persisted inside PHP's standard session mechanism. Support exists for both anonymous and "login" session namespaces. Zend_Auth, the authentication component of the ZF uses Zend_Session_Namespace to store some information associated with authenticated users in the "Zend_Auth" namespace. Since Zend_Session uses the normal PHP ext/session functions internally, and all the familiar configuration options and settings apply (see http://www.php.net/session ), with the bonus of convenience through an object-oriented interface and defaults providing both best practices and smooth integration with the Zend Framework. Thus, a standard PHP session id, stored either in a client's cookie or embedded in URLs, maintains the association between a client and session state data.

The default ext/session save handler does not solve the problem of maintaining this association, when a client may connect to any sever in a cluster of servers, since session state data is saved to the local server only. A list of additional, appropriate save handlers will be provided, when available. Community members are encouraged to suggest and submit save handlers to the fw-auth@lists.zend.com list. A Zend_Db compatible save handler has been posted to the list.