Difference among these approaches

Dear All,

I am sorry, I think I am confused by these approaches. Can anyone provide some clarification if I am wrong?

  1. In UserIdentity class after authentication we do


. I see this gets stored in browser cookies. So whatever we store in the UserIdentity object gets stored in cookies …? Any way to store it in a non-readable, encrypted format?


:- This is for storing session level variables or Objects

3) In UserIdentity class we can also use


, is this something different from the above two? Where does this information get stored …?

Any other ways similar to the above approaches …?

Thanks for your help


Yii Fan

Hi Yii Fan,

All the data of your 3 cases is saved on the server. The client holds only the sessionId as identifier to tell the server: "hey server, do you remember me? my identifier is <sessionId>".

  1. Browser holds only the sessionId. Session data is saved at your server (file or database storage). So you don’t have to encrypt any.

  2. same as above - session data is not saved at client side

  3. States work like the Yii session, but they are a piece of UserIdentity and are maintained with a bundle of useful methods.

Do you need more approaches? Make what you want to extend Yii for your own.



Thank you bn77 for the information. So there is no difference between the three approaches. The question came up because for the first one we have to extend CWebUser to store it, and for the others it is straightforward.

Thank You

Yii Fan

  1. Anything you save through CUserIdentity::setState during authentication will be saved in a cookie, if cookie based login is enabled.

  2. Anything you save through CWebUser::setState will be saved in user session. The session keys are prefixed, so when you call Yii::app()->user->logout(false), not the complete session is destroyed but only the states.

  3. Apart from the above you still can access the session directly (or through Yii::app()->session which is equivalent).
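An added example (not part of the thread and not Yii's own code) of why states that end up in a cookie-based-login cookie should be treated as readable by the client. It assumes the cookie is HMAC-signed but not encrypted, which is how Yii 1.1's CWebUser builds it through CSecurityManager::hashData; the function names, key and sample states are constructed, and JSON stands in for Yii's serialize().

```php
<?php
// Constructed, standalone model of a "remember me" cookie laid out as
// HMAC || payload: integrity-protected, but not confidential.

const HMAC_HEX_LEN = 64; // length of a hex-encoded HMAC-SHA256

// Server side: sign the states and place them in the cookie value.
function signCookie(array $states, string $key): string
{
    $payload = json_encode($states);
    return hash_hmac('sha256', $payload, $key) . $payload;
}

// Server side: accept the payload only if the HMAC still matches.
function verifyCookie(string $cookie, string $key): ?array
{
    if (strlen($cookie) <= HMAC_HEX_LEN) {
        return null;
    }
    $mac     = substr($cookie, 0, HMAC_HEX_LEN);
    $payload = substr($cookie, HMAC_HEX_LEN);
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null; // modified or forged cookie
    }
    return json_decode($payload, true);
}

// What any holder of the cookie can do without the key: read the states.
function readWithoutKey(string $cookie): ?array
{
    return json_decode(substr($cookie, HMAC_HEX_LEN), true);
}

$key    = 'constructed-server-side-key';   // hypothetical validation key
$states = ['role' => 'editor', 'email' => 'user@example.com']; // sample states
$cookie = signCookie($states, $key);

// The signature does not hide the payload from the browser.
echo "readable without key: ", var_export(readWithoutKey($cookie), true), "\n";

// An untouched cookie verifies; a modified one is rejected by the server.
echo "original accepted:    ", var_export(verifyCookie($cookie, $key) !== null, true), "\n";
$tampered = str_replace('editor', 'admin!', $cookie);
echo "tampered accepted:    ", var_export(verifyCookie($tampered, $key) !== null, true), "\n";
```

Under that assumption, values that must stay confidential belong in CWebUser::setState or the session, which stay on the server, rather than in identity states that may be written to the cookie.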

Thank you Mike for the information. This cleared up all my questions.



What’s the difference between these? I’ve noticed that if you set any states via CUserIdentity::setState(), you can access those via CWebUser::getState().

Also, if you use CUserIdentity::setState() to set a state, and then log out, it is no longer accessible via CWebUser::getState().

@jellysandwich :- Yes, if you log out everything will be deleted and you can access any values

CUserIdentity::setState() will be useful if you do authentication using a cookie … that means if you do "Remember my password" you can access them after you log in.

Thanks and regards

Yii Fan