I’m still messing around with persitent logins.
I’ve got my DbHttpSession working now and it saves data to a cookie because I use Yii::app()->user->login($identity,86400); and allowAutoLogin to true. Though, every time I login, close my browser and then go to the page again, it creates a new session id, which makes a new row in my sessions table. This causes my database to fill up pretty fast if people go around and close their browser alot and go back to the site.
Is there a save way to make it use the same session id?
I’m checking Invision Power Board’s code for the solution they use and discovered it stores a hash it saves in the member table to a cookie and checks this when the the user returns, then gives the user his old sessionid back.
Is this a safe way?
Also, is this normal behaviour? That the cookie doesn’t give the user their old session back as long as it’s lifetime isn’t past? According to some guys in IRC, it should not be doing that.
Thanks in advance and hope someone can shed some light to my mystery,
And before I forget, cudos for the magnificent framework really fun to code in!