I want create random session after successful authentication and destroy it after log out.
I don’t know what is safer. Yii::app()->user->setState or Yii::app()->session[]?
I added this code
class UserIdentity extends CUserIdentity {
protected $_id;
public function authenticate(){
$user = User::model()->find('LOWER(username)=?', array(strtolower($this->username)));
if(($user===null) || ($this->password!==$user->password)) {
$this->errorCode = self::ERROR_USERNAME_INVALID;
} else {
$this->_id = $user->id;
$this->username = $user->username;
$this->setState('random',Model::random());
$this->errorCode = self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId(){
return $this->_id;
}
}
in function authenticate() in UserIdentity.php but it dosen’t work.