create session

I want create random session after successful authentication and destroy it after log out.

I don’t know what is safer. Yii::app()->user->setState or Yii::app()->session[]?

I added this code


class UserIdentity extends CUserIdentity {

    protected $_id;

    public function authenticate(){

        $user = User::model()->find('LOWER(username)=?', array(strtolower($this->username)));

        if(($user===null) || ($this->password!==$user->password)) {

            $this->errorCode = self::ERROR_USERNAME_INVALID;

        } else {

            $this->_id = $user->id;

            $this->username = $user->username;

            $this->setState('random',Model::random());

            $this->errorCode = self::ERROR_NONE;

        }

       return !$this->errorCode;

    }


    public function getId(){

        return $this->_id;

    }

}

in function authenticate() in UserIdentity.php but it dosen’t work.

setState uses a session under the hood, so you are on the right track


// you can access that random number as following

Yii::app()->user->random