Auto-login user by GET value, for testing?

Okay, I want to stress-test a part of my web application, to see just how many users our current server could handle before things get slow and we need to upgrade. The current plan is to just write up a quick JS script, and have it hammer the server with different types of requests (this portion of the application is AJAX-based) from different accounts.

The problem lies in the “different accounts” bit. For that to work, I need the JavaScript app to say, “I’m user 1086 now!” and for Yii to just plain unquestioningly accept that as truth. Specifically, I need the server to temporarily accept user ID GET values between 1000 and 1099 as actual login credentials without a cookie or password.

How can I manage such a thing?

It all depends on your code…

For example the default code generated by Gii uses this to get the POSTed username and password







You can change it to use $_GET[’…’]

Then the link like would log you in

Unfortunately, that’s an actual login process, which will skew the results. It also involves a password. I want to optionally swap out the cookie-based session system, so that when the server receives the user ID via GET (which will vary multiple times per second), it acts as though it has received a valid cookie, and continues processing as normal from that point.

You need to login the user so to get effective different users in the application… so you can change the actionLogin to do just that ;)

Check how the login process works… you can send just the ID in the URL… create a dummy CUserIdentity and call CWebUser->login()…

I have just recently begun digging more and more into the actual Yii code, and that actually looks like it will work, thank you!

Sorry guys but … I am watching CWebUser class.

        $user = new CUserIdentity('username', 'password');

        $cwebuser = new CWebUser;


do not work.

It work, but not if that code is inside a request lige $request = file_get_content($fileWithAuthentication); I think this is obvious: file_get_content has not my sessio. It is right?

This code is proposed by facebook developers page:


$app_id = "********";

$app_secret = "********";

$my_url = "";


$code = $_REQUEST["code"];

if (empty($code)) {

    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection

    $dialog_url = ""

            . $app_id . "&redirect_uri=" . urlencode($my_url) . "&scope=email&state="

            . $_SESSION['state'];



if ($_REQUEST['state'] == $_SESSION['state']) {

    $token_url = ""

            . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)

            . "&client_secret=" . $app_secret . "&code=" . $code;

    echo 'Carico ' . $token_url;

    $response = file_get_contents($token_url);

    $params = null;

    parse_str($response, $params);

    $graph_url = ""

            . $params['access_token'];

    $file = file_get_contents($graph_url);

    $user = json_decode($file);




Now I just want to say! "Hey this is a facebook user. You can login him without any form." but I am not able to do that. =(