If I want to allow a user to stay (auto-) logged in for up to one year, do I really have to set the cookie lifetime of the session component to one year? That would mean any session remains valid for a year and that would result in a lot of trash. At this point I see no other solution? Or did I missed something?
public function authenticate($attribute,$params)
{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year
Yii::app()->user->login($identity,$duration);
I also extend the function authenticateByCookie().
I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?
Well as far as I noticed the “autologin”-cookie stores the id of the current session. If the stored session id is not valid anymore (expired), autologin fails. Or is this not the case? I can’t test at the moment.