Cookie and states problem

samdark · August 8, 2009, 9:23pm

Hello, everyone!

I’m having a problem with restoring states set at UserIdentity when using enableCookieValidation feature.




<?php

class UserIdentity extends CUserIdentity {

    public function authenticate(){

        // … authentification with User model


        // setting 'role' state

        Yii::app()->user->setState('role', $user->role);

        

        // … setting some other states


        // … returning error code

    }

    // …

}

Then in my controller I’m dumping some info (only when authentificated not to mess with headers):




CVarDumper::dump(Yii::app()->user->getState('role'), 10, true);

CVarDumper::dump($_SESSION, 10, true);

right after authentification I’m getting:




'admin' array

(

    [a50e1d18405b8133824c7f770e7bc5dcrole] => 'admin'

    [a50e1d18405b8133824c7f770e7bc5dcuseHttps] => false

    [a50e1d18405b8133824c7f770e7bc5dc__id] => 19

    [a50e1d18405b8133824c7f770e7bc5dc__name] => 'Alexander'

    [a50e1d18405b8133824c7f770e7bc5dc__states] => array()

)

I’m getting the same data most of the time I’m closing and opening my browser again.

But sometimes (not sure, but maybe it’s when a day or two passes without going to test website) I’m getting:




null array

(

    [a50e1d18405b8133824c7f770e7bc5dc__id] => 19

    [a50e1d18405b8133824c7f770e7bc5dc__name] => 'Alexander'

    [a50e1d18405b8133824c7f770e7bc5dc__states] => array()

)

So no state data at all… but user is still authentificated.

What am I doing wrong?

samdark · August 9, 2009, 4:03pm

Tested with two different servers (Windows, Suse) and different browsers. Still having the problem…

ivolucien · September 30, 2009, 12:31am

I’m new here, but am messing with states and cookies myself. Have you fixed this or narrowed down the circumstances since you posted this? If you’d like me to do a quick test and see if I can add anything useful, I’d be happy to give it a shot.

Ivo in Seattle

samdark · September 30, 2009, 12:01pm

I’ve decided not to store anything except ID in cookies and is using WebUser properties:




class WebUser extends CWebUser {

  function getRole(){

    // db query here

    return $role;

  }

}

ivolucien · October 1, 2009, 1:17am

I suppose that’s more secure and reliable, I’ll take that advice. Thanks for the reply.