Option ‘allowAutoLogin’=>true. How better to generate new session id (Yii::app()->session->sessionID) after the browser will be reopened with saving auto-login? In other words, how don’t save sessionID to cookies with working “autoLogin”? (I’m using own auto-logout system, based on this sessionID).
With ‘allowAutoLogin’=>true all session variables ($_SESSION[‘myVar’]) is stored into the cookies, so how to avoid it?