I’ve been using Yii 2 over the past month and I love it! I got very adept at Yii 1 through Larry Ullman’s amazing book and I’m surprised at how quickly I could run with Yii 2. I am running into an issue that I handled in Yii 1 but I want to know if I’m using the best approach to handle it in Yii 2.
PROBLEM: Want to ensure that when user is authenticated, the system doesn’t just load their authentication status but also loads an aspects of a user into the session
SITUATION: If RememberMe is on, the system remembers that the user has been logged in even if browser is shut down and reopened. Fantastic! However, when logging back in, the user does not go through the login function which saves their timezone into the session. Boo!
SOLUTION: Create a BaseController that extends controller. Is user is not a guest BUT user does not have a timezone saved into their session THEN load the timezone into the session. All controllers will now extend this new BaseController
This approach works. However, is it the best approach?
Nice tip for the timezone data! I just realized that everything saved under the user record is available via Yii::$app->user->identity-> so I could just use Yii::$app->user->identity->timezone.
If I get everything right, then you’ve got your user model which implements IdentityInterface.
And then you may (must) implement validateAuthKey() method. This method checks the user auth (compares $authKey with the stored one). This method will be called each time the user authes by rememberMe or any other method using authKey. So, if the auth is successful, you may do anything you want (set timezone or anything). The code is very simple:
public function validateAuthKey($authKey)
{
if ($this->getAuthKey() === $authKey) {
if (!$this->timezone) $this->updateAttributes(['timezone' => 'Europe/Berlin']);
return true;
}
return false;
}
I’ve got another method called validatePassword() which is executed each time the user logs in using password (login form). So, I may do anything with the model depending on the auth event (by key or by password).
There is the other approach - use events. It is much more complicated and flexible. Shortly, you create the event handler, register it and then trigger.