Question about CWebUser::$allowAutoLogin

Y11 · January 5, 2010, 3:01pm

If I want to allow a user to stay (auto-) logged in for up to one year, do I really have to set the cookie lifetime of the session component to one year? That would mean any session remains valid for a year and that would result in a lot of trash. At this point I see no other solution? Or did I missed something?

Y11 · January 8, 2010, 7:24am

Anyone?

dimis283 · January 8, 2010, 8:09am

At login model there is the code


public function authenticate($attribute,$params)

	{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year

       Yii::app()->user->login($identity,$duration);

I also extend the function authenticateByCookie().

I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?

Y11 · January 8, 2010, 8:22am

dimis283:

At login model there is the code
public function authenticate($attribute,$params)

	{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year

       Yii::app()->user->login($identity,$duration);
I also extend the function authenticateByCookie().

I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?

Well as far as I noticed the “autologin”-cookie stores the id of the current session. If the stored session id is not valid anymore (expired), autologin fails. Or is this not the case? I can’t test at the moment.

dimis283 · January 8, 2010, 8:47am

Me personally I extended the function authenticateByCookie() and I made there the validation.

I took that from here

Y11 · January 8, 2010, 9:14am

Alright I did obviously made a mistake when first testing this feature. Just tested again and it works without problems.

Thanks for the hint, I will extend CUserIdentity and CWebUser.