Save User Identity into Session?

All,

I just realized that every item saved onto the user record in a DB is available via Yii::$app->user->identity->. I had assumed this was only true with the id.

However, it appears that using Yii::$app->user->identity-> always causes a DB query. Is there any way to store the data into a session automatically when the user is authenticated? When I say this, I don’t just mean with the Login form. I mean that if a user returns to the site with rememberme turned on and they are authenticated without the login form, that the system would not need to run a full DB query on the user table to get information on the user record.

I’m still not sure what happens on the backend to figure out the user’s state is “logged in”. If I could figure out where this happens, I would save all the elements of the user into a session as well as update their last_login_time. Any help would be appreciated.

Heello Saniko,

It is not advisable to store many details of the User object into the session as this can be hijacked easily. If your goal is fast retrieval of data, you should consider caching the record [based on a "change" dependency] per se.

How would you handle situations where

  • the user has been deactivated/banned/deleted in the meantime
  • any important data, like username, has been changed, because the user modified it from a different session?