Store user ID in session instead of serialized object to reduce complexity.

module/VuFind/src/VuFind/Auth/Manager.php

@@ -69,6 +69,13 @@ class Manager implements ServiceLocatorAwareInterface
      */
     protected $ilsAccount = false;
 
+    /**
+     * Cache for current logged in user object
+     *
+     * @var \VuFind\Db\Row\User
+     */
+    protected $currentUser = false;
+
     /**
      * Service locator
      *
@@ -189,8 +196,9 @@ class Manager implements ServiceLocatorAwareInterface
         // Clear out cached ILS connection.
         $this->ilsAccount = false;
 
-        // Clear out the cached user object.
-        unset($this->session->user);
+        // Clear out the cached user object and session entry.
+        $this->currentUser = false;
+        unset($this->session->userId);
 
         // Destroy the session for good measure, if requested.
         if ($destroy) {
@@ -213,17 +221,16 @@ class Manager implements ServiceLocatorAwareInterface
      */
     public function isLoggedIn()
     {
-        $user = isset($this->session->user) ? $this->session->user : false;
-
-        // User may have been serialized into session; if so, we may need to
-        // restore its service locator, since SL's can't be serialized:
-        if ($user && null === $user->getServiceLocator()) {
-            $user->setServiceLocator(
-                $this->getServiceLocator()->get('VuFind\DbTablePluginManager')
-            );
+        // If user object is not in cache, but user ID is in session,
+        // load the object from the database:
+        if (!$this->currentUser && isset($this->session->userId)) {
+            $results = $this->getServiceLocator()
+                ->get('VuFind\DbTablePluginManager')->get('user')
+                ->select(array('id' => $this->session->userId));
+            $this->currentUser = count($results) < 1
+                ? false : $results->current();
         }
-
-        return $user;
+        return $this->currentUser;
     }
 
     /**
@@ -249,7 +256,8 @@ class Manager implements ServiceLocatorAwareInterface
      */
     public function updateSession($user)
     {
-        $this->session->user = $user;
+        $this->currentUser = $user;
+        $this->session->userId = $user->id;
     }
 
     /**

module/VuFind/src/VuFind/Db/Row/User.php

@@ -68,43 +68,6 @@ class User extends ServiceLocatorAwareGateway
         parent::__construct('id', 'user', $adapter);
     }
 
-    /**
-     * Sleep magic method -- the service locator can't be serialized, so we need to
-     * exclude it from serialization.  Since we can't obtain a new locator in the
-     * __wakeup() method, it needs to be re-injected by the \VuFind\Auth\Manager
-     * (see the isLoggedIn() method of that class).
-     *
-     * @return array
-     */
-    public function __sleep()
-    {
-        $vars = get_object_vars($this);
-        unset($vars['serviceLocator']);
-        $vars = array_keys($vars);
-        return $vars;
-    }
-
-    /**
-     * Saves the properties to the database.
-     *
-     * This performs an intelligent insert/update, and reloads the
-     * properties with fresh data from the table on success.
-     *
-     * @return mixed The primary key value(s), as an associative array if the
-     *     key is compound, or a scalar if the key is single-column.
-     */
-    public function save()
-    {
-        // Since this object is frequently stored in the session, we should
-        // reconnect to the database as part of the save action to prevent
-        // exceptions:
-        $this->sql = new Sql(
-            $this->getServiceLocator()->getServiceLocator()->get('VuFind\DbAdapter'),
-            $this->table
-        );
-        return parent::save();
-    }
-
     /**
      * Reset ILS login credentials.
      *