I notice that when a user logs in, the authenticate() method from the UserIdentity class it called two times.
I wonder if it’s normal and if it’s not the reason of some strange behaviors concerning sessions.
I don’t get why it has to be called because of the rule to validate the password.
This is the method which is called to validate the password, in fact it checks the whole identity (username+password), same as what is done in the login() method.
public function authenticate($attribute,$params)
$this->_identity=new UserIdentity($this->username,$this->password); if(!$this->_identity->authenticate()) $this->addError('password','Incorrect username or password.');