create session

I want create random session after successful authentication and destroy it after log out.

I don’t know what is safer. Yii::app()->user->setState or Yii::app()->session[]?

I added this code

class UserIdentity extends CUserIdentity {

    protected $_id;

    public function authenticate(){

        $user = User::model()->find('LOWER(username)=?', array(strtolower($this->username)));

        if(($user===null) || ($this->password!==$user->password)) {

            $this->errorCode = self::ERROR_USERNAME_INVALID;

        } else {

            $this->_id = $user->id;

            $this->username = $user->username;


            $this->errorCode = self::ERROR_NONE;


       return !$this->errorCode;


    public function getId(){

        return $this->_id;



in function authenticate() in UserIdentity.php but it dosen’t work.

setState uses a session under the hood, so you are on the right track

// you can access that random number as following