First of all, I must say thx to Alexandr for the amazing book, today I finished reading it…

learned a lot from it

to the question 8)

I not sure if cookie is the way to go… how can I make sure no one fake it?

One possible solution

'catchAllRequest' => ( (getenv('Maintenance') && session_start() && !isset($_SESSION['adminSession'])) ? 

											array('maintenance/index') : null ),

Anonymous function would do my life easier but it not working… don’t know why…

You can’t be sure about noone will fake a cookie that’s true.

Anonymous function doesn’t work because there Yii doesn’t expect it: