I've looked at Magento but I don't have the time or patience to make sense out of it's use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.
Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.
1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard
This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?
The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?
Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authroization? Do you check permissions/roles/whatever inside each action for really fine grained access control?
I'd like to see a clean cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full fledged view for an application, like say phpBB.
If your going the ACL route, I wrote plugin awhile back that I never really got around to finishing/implementing.viewtopic.php?f=19&t=66427&p=374049#p374049