My goal is to allow user autologin, but force every user to do at least a login every ‘tot’ time.
I’m experimenting with a value of 30000 seconds, just to try
In the LoginForm.php I set the cookie duration
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration = $this->rememberMe ? 60*60*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
}
I setup this in main.php config file
'user'=>array(
'absoluteAuthTimeout' => 30000, // one login required every tot seconds
// enable cookie-based authentication
'allowAutoLogin' => true,
),
User login with ‘remember me’ checked, see the index page, then click a link, any link, and will be redirected to login page. Why?
If I remove absoluteAuthTimeout every thing works (but user will remain logged for 30 days)!