Security Of Cookie Based Login

Hi all,

First off I would like to say Yii is a fantastic framework. I tried CakePHP and CodeIgniter before deciding on Yii because it's far superior. I am relatively new to web development and programming, and Yii is making it much easier; usually a quick Google search for a question I have yields the results I need. Now onto my question…

I am very very confused about implementing a cookie based login. I have been following the guide listed here and have successfully been able to login to a user account, compare password hashes, etc. The guide says not to store sensitive ‘setState’ information if using the ‘remember me’ option as these values will be stored to a cookie.

Say for example we have a ‘user_role’ and a user could either be a regular user or an administrator. We wouldn’t want the user manipulating the cookie and changing their role to administrator.

What is the safe way to persist this information so that ‘user_role’ can be used in my code after logging a user in, without having to keep making consecutive calls to the database to check a user’s role?
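One way to approach the problem described in this post, as an added PHP example that is not part of the original post and not Yii's own code: the “remember me” cookie carries only what is needed to re-identify the user (a user id and an expiry), protected by an HMAC so that any edit to the payload is detected; the role is never placed in the cookie at all. After the cookie identifies the user, the role is read from the database once and kept in the server-side session, which the browser cannot edit, so later requests need no further database call. The function names, the placeholder secret key and the in-memory user table are assumptions made for this example.

```php
<?php
// Added example, not from the original post or from Yii.
// An HMAC-signed "remember me" cookie: payload is base64url(JSON), the
// signature covers the encoded payload, and the two are joined by a dot.

const COOKIE_TTL = 30 * 24 * 3600; // 30 days (assumed lifetime)

function base64UrlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function base64UrlDecode(string $encoded): string
{
    return base64_decode(strtr($encoded, '-_', '+/'));
}

// Issue a cookie value identifying the user. Only the id and expiry go in;
// no role, no password hash, nothing the client could usefully rewrite.
function issueRememberCookie(int $userId, string $secretKey, int $now): string
{
    $payload = json_encode(['uid' => $userId, 'exp' => $now + COOKIE_TTL]);
    $encoded = base64UrlEncode($payload);
    $mac     = hash_hmac('sha256', $encoded, $secretKey);
    return $encoded . '.' . $mac;
}

// Verify the cookie and return the user id, or null if it is forged,
// tampered with, malformed or expired. The MAC is checked before the
// payload is even decoded, using a constant-time comparison.
function parseRememberCookie(string $cookie, string $secretKey, int $now): ?int
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encoded, $mac] = $parts;
    $expected = hash_hmac('sha256', $encoded, $secretKey);
    if (!hash_equals($expected, $mac)) {
        return null; // signature does not match: payload was altered
    }
    $payload = json_decode(base64UrlDecode($encoded), true);
    if (!is_array($payload) || !isset($payload['uid'], $payload['exp'])) {
        return null;
    }
    if ((int) $payload['exp'] < $now) {
        return null; // expired
    }
    return (int) $payload['uid'];
}

// Stand-in for the database lookup: the role is read from the server, not
// from the cookie. Called once per login, then cached in the session.
function loadUserRole(int $userId, array $userTable): ?string
{
    return $userTable[$userId]['user_role'] ?? null;
}

// --- Constructed sample data (not real values) ---
$secretKey = 'PLACEHOLDER-replace-with-a-long-random-server-secret';
$users     = [42 => ['user_role' => 'user'], 7 => ['user_role' => 'admin']];
$session   = []; // stands in for $_SESSION in this offline example
$now       = time();

// Login with "remember me": cookie issued for user 42.
$cookie = issueRememberCookie(42, $secretKey, $now);

// Later request: cookie re-identifies the user, role loaded server-side once.
$uid = parseRememberCookie($cookie, $secretKey, $now);
if ($uid !== null) {
    $session['user_id']   = $uid;
    $session['user_role'] = loadUserRole($uid, $users); // 'user'
}
echo "role from session: " . $session['user_role'] . PHP_EOL;

// Tampering check: a payload claiming uid 7 with the original signature
// attached is rejected because the HMAC no longer matches.
$alteredPayload = base64UrlEncode(json_encode(['uid' => 7, 'exp' => $now + COOKIE_TTL]));
$altered        = $alteredPayload . '.' . explode('.', $cookie, 2)[1];
var_dump(parseRememberCookie($altered, $secretKey, $now)); // NULL

// Expiry check: a cookie from 31 days ago is rejected even with a valid MAC.
$old = issueRememberCookie(42, $secretKey, $now - 31 * 24 * 3600);
var_dump(parseRememberCookie($old, $secretKey, $now)); // NULL
```

The design point is the split of responsibilities: the cookie only proves “this is user 42 until this date”, the secret key lives on the server, and everything authorisation-relevant (the role) is looked up server-side and kept in the session. If the role should change while a session is live (an administrator demotes a user), the session copy must be refreshed or the session invalidated, which is the trade-off for avoiding a database call on every request.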