Question about CWebUser::$allowAutoLogin

If I want to allow a user to stay (auto-) logged in for up to one year, do I really have to set the cookie lifetime of the session component to one year? That would mean any session remains valid for a year and that would result in a lot of trash. At this point I see no other solution? :mellow: Or did I missed something?

Anyone? :mellow:

At login model there is the code

public function authenticate($attribute,$params)

	{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year


I also extend the function authenticateByCookie().

I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?

Well as far as I noticed the “autologin”-cookie stores the id of the current session. If the stored session id is not valid anymore (expired), autologin fails. Or is this not the case? I can’t test at the moment.

Me personally I extended the function authenticateByCookie() and I made there the validation.

I took that from here

Alright I did obviously made a mistake when first testing this feature. Just tested again and it works without problems.

Thanks for the hint, I will extend CUserIdentity and CWebUser.