User state

I need to store the number of emails sent per session to prevent spamming. I do this using user->setState().

I want to allowAutoLogin, this is a very convenient feature.

But if I do so, this value (as well as any others) may be faked using cookies.

How to prevent this? Where to store secure values?

The value won't be faked by Yii has measure to prevent data stored in user state from being tampered.


and what is the protection mechanism?