Can somebody tell me how authentication and sessions work… and how to implement them on log-in and log-out?
I wrote this code in config/main.php, inside components:
    'session'=>array(
        'class' => 'CDbHttpSession',
        'connectionID' => 'db',
        'sessionTableName' => 'dbsession',
    ),
In LoginController I have this:
    public function actionLogin()
    {
        if (Yii::app()->user->isGuest) {
            $model=new UserLogin;
            // collect user input data
            if(isset($_POST['UserLogin']))
            {
                $model->attributes=$_POST['UserLogin'];
                // validate user input and redirect to previous page if valid
                if($model->validate()) {
                    Yii::app()->session['var']='value';//is this right?
                    $this->lastVisit();
                    if (Yii::app()->getBaseUrl()."/index.php" === Yii::app()->user->returnUrl)
                        $this->redirect(Yii::app()->controller->module->returnUrl);
                    else
                        $this->redirect(Yii::app()->user->returnUrl);
                }
            }
            // display the login form
            $this->render('/user/login',array('model'=>$model));
        } else
            $this->redirect(Yii::app()->controller->module->returnUrl);
    }
And in my Logout controller:
    public function actionLogout()
    {
        Yii::app()->user->logout();
        $this->redirect(Yii::app()->controller->module->returnLogoutUrl);
        unset(Yii::app()->session['var']);
        Yii::app()->session->clear();
        Yii::app()->session->destroy();
    }
I have this code, but… while I'm logged in, I copy one of my URLs that has a view that displays data, then I log out. When I paste it into the browser's URL bar, I can access the view that displays data while I am not logged in. So it means that all people can view my data, which needs to be secured so that only the admin can view it…
Kindly help me. Thanks.
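
One way to close the gap described above, as an added example that is not part of the original post: in Yii 1.1 an action is only protected when its controller declares the `accessControl` filter with matching `accessRules()`, whatever the login and logout code does. `ReportController`, `LogoutController`, the `view` action and the `admin` username are assumptions made for illustration.

```php
<?php
// Added example for Yii 1.1; controller and action names are hypothetical.

class ReportController extends CController
{
    // Run the built-in access control filter before every action.
    public function filters()
    {
        return array('accessControl');
    }

    // Rules are evaluated top to bottom; the first match decides.
    public function accessRules()
    {
        return array(
            // Assumption: the administrator logs in with the username "admin".
            array('allow', 'actions' => array('view'), 'users' => array('admin')),
            // Everyone else is refused: guests are sent to the login page,
            // logged-in non-admin users receive a 403 error.
            array('deny', 'users' => array('*')),
        );
    }

    public function actionView($id)
    {
        // Reached only when a rule above allowed the current user.
        $this->render('view', array('id' => $id));
    }
}

class LogoutController extends CController
{
    public function actionLogout()
    {
        // CWebUser::logout() destroys the session by default
        // ($destroySession = true), so no separate clear()/destroy() is needed.
        Yii::app()->user->logout();

        // redirect() ends the request by default, so it must be the last call;
        // statements placed after it never run.
        $this->redirect(Yii::app()->homeUrl);
    }
}
```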