The other day there was a bug going around on my client's website, but I couldn't figure out how to reproduce it. It turned out that Yii's default remember me feature stores all the session data (user “states”) in a cookie. On my website, there was a whole lot of data stored in the session. So, when a user pressed ‘remember me’ when logging on, all of it was stored in a cookie. Apache didn't like the large cookie and started giving strange errors at strange times.
So learn from my mistake: if you are storing lots of data in the session states, override CWebUser's restoreFromCookie() and saveToCookie().
Also, Yii's default implementation of restoreFromCookie() obviously does not authenticate the user with the database.
I recommend having it just store the user id and hashed password in the cookie. Then it can authenticate those values and store the rest of the data back in the session when the user comes back to the site.
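
A sketch of such an override, added here as an example and not code from the original post or from Yii itself. It assumes Yii 1.1 and a hypothetical `User` ActiveRecord model with `id`, `username`, `email` and `password` (stored hash) attributes. As a variation on the suggestion above, it puts a keyed digest of the stored hash in the cookie rather than the hash itself.

```php
<?php
// Assumes Yii 1.1 and a hypothetical User ActiveRecord model with
// id, username, email and password (stored password hash) attributes.
class WebUser extends CWebUser
{
    // Keyed digest of the stored hash, so the hash itself never leaves the server.
    private function credentialTag($user)
    {
        $key = Yii::app()->getSecurityManager()->getValidationKey();
        return hash_hmac('sha256', $user->id . '|' . $user->password, $key);
    }

    // Write only id, duration and tag to the cookie instead of every session state.
    protected function saveToCookie($duration)
    {
        $user = User::model()->findByPk($this->getId());
        if ($user === null)
            return;
        $cookie = $this->createIdentityCookie($this->getStateKeyPrefix());
        $cookie->expire = time() + $duration;
        $data = array($user->id, $duration, $this->credentialTag($user));
        $cookie->value = Yii::app()->getSecurityManager()->hashData(serialize($data));
        Yii::app()->getRequest()->getCookies()->add($cookie->name, $cookie);
    }

    // Re-check the cookie against the database, then rebuild the session states.
    protected function restoreFromCookie()
    {
        $app = Yii::app();
        $cookie = $app->getRequest()->getCookies()->itemAt($this->getStateKeyPrefix());
        if (!$cookie || !is_string($cookie->value) || $cookie->value === '')
            return;
        $raw = $app->getSecurityManager()->validateData($cookie->value);
        $data = $raw === false ? false : @unserialize($raw);
        if (!is_array($data) || count($data) !== 3)
            return;
        list($id, $duration, $tag) = $data;
        $user = User::model()->findByPk($id);
        // hash_equals() needs PHP 5.6+; a changed password invalidates old cookies.
        if ($user === null || !is_string($tag) || !hash_equals($this->credentialTag($user), $tag))
            return;
        $states = array('email' => $user->email); // hypothetical state reloaded from the DB
        if ($this->beforeLogin($id, $states, true)) {
            $this->changeIdentity($id, $user->username, $states);
            $this->afterLogin(true);
        }
    }
}
```

The cookie stays a fixed, small size no matter how much is kept in the session, and a deleted account or changed password makes an old cookie fail the database check.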