Inconsistent login expiry

For some reason the login session seems to expire on a random basis, for example sometimes after 10 mins or sometimes after 10 hours, etc. Ideally I want to specify a default expiry period, and also the login session should expire when the browser is closed.

I am using the UserIdentity component and also ‘allowAutoLogin’ is on.

Anyone able to help?

We need more information about this one…

From the user guide, allowAutoLogin should be true, not on… Do you pass a duration parameter to CWebUser::Login?

E.g.

// Keep the user logged in for 7 days.
// Make sure allowAutoLogin is set true for the user component.
Yii::app()->user->login($identity,3600*24*7);

allowAutoLogin is set to true

Here is my current LoginForm:


public function authenticate($attribute, $params)
{
	if(!$this->hasErrors())  // we only want to authenticate when no input errors
	{
		$identity=new UserIdentity($this->username, $this->password);
		$identity->authenticate();
		switch($identity->errorCode)
		{
			case UserIdentity::ERROR_NONE:
				$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
				Yii::app()->user->login($identity, $duration);
				break;
			case UserIdentity::ERROR_USERNAME_INVALID:
				$this->addError('username', 'Incorrect Login Details.');
				$this->addError('password', '');
				break;
			default: // UserIdentity::ERROR_PASSWORD_INVALID
				$this->addError('username', 'Incorrect Login Details.');
				$this->addError('password', '');
				break;
		}
	}
}

Here is my current UserIdentity:


public function authenticate()
{
    $record=User::model()->findByAttributes(array('email'=>$this->username, 'enabled'=>1));
    if($record===null)
        $this->errorCode=self::ERROR_USERNAME_INVALID;
    else if($record->password!==$this->password)
        $this->errorCode=self::ERROR_PASSWORD_INVALID;
    else
    {
        $this->_id=$record->id;
        $this->setState('name', $record->name);
        $this->setState('role', $record->type);
        $this->errorCode=self::ERROR_NONE;
    }
    return !$this->errorCode;
}

Here is my current accessRules():


public function accessRules()
{
	return array(
		array('allow', //allow authenticated users to view records
			'actions'=>array('view'),
			'users'=>array('@'),
		),
		array('allow', //allow only Admin users to create/update/delete records
			'actions'=>array('create', 'update', 'delete', 'list'),
			'expression'=>Yii::app()->user->getState('role')=='Admin',
		),
		array('allow', //allow authenticated users to view admin interface
			'actions'=>array('admin'),
			'users'=>array('@'),
		),
		array('deny', //deny all users
			'users'=>array('*'),
		),
	);
}

In my user table I have a field called ‘type’ - this is set to either ‘Admin’ or ‘User’ - so I perform this check in the accessRules(). I think this is what may be causing the problem. Previously I was using 'expression'=>Yii::app()->user->role=='Admin' but this started giving me errors after a certain period of inactivity (Property "CWebUser.role" is not defined). So I changed it to getState('role').

In order to test I want to specify a very short duration - e.g. 2 mins and after that the login should expire and the user should get redirected to the login form.

I got another bug:


array('allow', //allow only Admin users to create/update/delete records
	'actions'=>array('create', 'update', 'delete', 'list'),
	'expression'=>Yii::app()->user->getState('role')=='Admin',
),

does not necessarily check if the user is logged in or not. Sometimes I am able to view records when I am no longer logged in.

Anyone able to advise? Thanks!

Change to:

array('allow', //allow only Admin users to create/update/delete records
	'actions'=>array('create', 'update', 'delete', 'list'),
	'expression'=>'Yii::app()->user->getState("role")=="Admin"',
),

This worked in my website.
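
The difference between the unquoted and quoted 'expression' forms discussed in this thread, as an added example that is not part of any post above and is not Yii's own code. `DemoUser` and `expressionMatches()` are hypothetical plain-PHP stand-ins for the user component and the rule check, and the quoted rule also tests `isGuest` so that a logged-out visitor never matches.

```php
<?php
// Hypothetical stand-in for the user component (demo only, not CWebUser).
class DemoUser
{
    public $isGuest = true;
    private $state = array();

    public function login(array $state)
    {
        $this->isGuest = false;
        $this->state = $state;
    }

    public function logout()
    {
        $this->isGuest = true;
        $this->state = array();
    }

    public function getState($key, $default = null)
    {
        return isset($this->state[$key]) ? $this->state[$key] : $default;
    }
}

// Hypothetical rule check: a string expression is evaluated at check time with
// $user in scope; any non-string value is refused (fail closed).
function expressionMatches($expression, DemoUser $user)
{
    if (!is_string($expression)) {
        return false; // a bare true/false is a stored result, not a rule
    }
    return (bool) eval('return ' . $expression . ';');
}

$user = new DemoUser();
$user->login(array('role' => 'Admin')); // constructed sample state

// Unquoted: PHP runs the comparison here and stores only the resulting boolean.
$eager = array('allow', 'expression' => $user->getState('role') == 'Admin');
// Quoted: the rule keeps the expression text and re-evaluates it on every check.
$deferred = array('allow',
    'expression' => '!$user->isGuest && $user->getState("role")==="Admin"');

$user->logout(); // session ended: the role state is gone

var_dump($eager['expression']);                              // value fixed at build time
var_dump(expressionMatches($eager['expression'], $user));    // non-string is refused
var_dump(expressionMatches($deferred['expression'], $user)); // evaluated against the guest
```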