Autologin

flaho · February 17, 2016, 2:57pm

I have a problem with autologin from a cookie.

Regular login works fine from controllers/actionLogin with new Identity and authenticate…

But autologin from a cookie does not work.

I don’t understand exactly the process :

In WebUser class, check if there is a cookie and read it (ok).

What happens then ?

Does WebUser create a new identity ?

Does Webuser run the authenticate ?

Is the Login action from sitecontroller executed ?

I would appreciate some help.

soul · February 18, 2016, 11:43am

WebUser check cookies and then restore session and states

github.com

yiisoft/yii/blob/1.1.17/framework/web/auth/CWebUser.php#L455


	{
	}


	/**
	 * Populates the current user object with the information obtained from cookie.
	 * This method is used when automatic login ({@link allowAutoLogin}) is enabled.
	 * The user identity information is recovered from cookie.
	 * Sufficient security measures are used to prevent cookie data from being tampered.
	 * @see saveToCookie
	 */
	protected function restoreFromCookie()
	{
		$app=Yii::app();
		$request=$app->getRequest();
		$cookie=$request->getCookies()->itemAt($this->getStateKeyPrefix());
		if($cookie && !empty($cookie->value) && is_string($cookie->value) && ($data=$app->getSecurityManager()->validateData($cookie->value))!==false)
		{
			$data=@unserialize($data);
			if(is_array($data) && isset($data[0],$data[1],$data[2],$data[3]))
			{
				list($id,$name,$duration,$states)=$data;