What does this mean?

In the documentation it says:

In addition, for any serious Web applications, we recommend using the following strategy to enhance the security of cookie-based login.

Why are we including the check in the CWebUser::beforeLogin? Isn’t the new key just stored in the states at login?

What I am doing is the following:

In CUserIdentity::authenticate() I store a random key in the COOKIE and also in the database. Then I log in the USER.

Every time the user checks a page on the site, I compare the random key IN THE COOKIE with that found in the database for that user ID. If there is no match, I log out the user. If there is a match, the user is able to access the page.

This is resource intensive though. Is there a better way to make sure Cookies are not faked or manipulated?

Why would we do the matching of keys in CWebUser::beforeLogin()? That makes no sense.
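
The key comparison described in the post above, written out as an added example; it is not part of the original post and not Yii's own code. The class name `LoginKeyStore`, the in-memory array standing in for the user table, and the choice to keep only a SHA-256 hash of the key on the server are assumptions made for illustration.

```php
<?php
// Added illustration, framework-free. Requires PHP 7.1+ (random_bytes, return types).
final class LoginKeyStore
{
    /** @var array<int,string> user id => SHA-256 of the current login key (stand-in for a DB column) */
    private $hashes = [];

    // Call after a successful form login; the return value goes into the cookie.
    public function issue(int $userId): string
    {
        $key = bin2hex(random_bytes(32));               // 256 bits from the CSPRNG
        $this->hashes[$userId] = hash('sha256', $key);  // assumption: server keeps only the hash
        return $key;                                    // a new login overwrites the old key
    }

    // Compare the key presented in the cookie with the copy on record.
    public function matches(int $userId, $cookieKey): bool
    {
        if (!is_string($cookieKey) || !isset($this->hashes[$userId])) {
            return false;                               // missing or malformed value, or no key on record
        }
        // hash_equals compares in constant time, so timing does not leak a partial match.
        return hash_equals($this->hashes[$userId], hash('sha256', $cookieKey));
    }

    // Call on logout so the cookie value can no longer be used.
    public function revoke(int $userId): void
    {
        unset($this->hashes[$userId]);
    }
}

// Constructed walk-through; user id 42 and all values are made up.
$store  = new LoginKeyStore();
$cookie = $store->issue(42);
var_dump($store->matches(42, $cookie));              // key issued at login
var_dump($store->matches(42, str_repeat('0', 64)));  // fabricated cookie value
$old    = $cookie;
$cookie = $store->issue(42);                         // user logs in through the form again
var_dump($store->matches(42, $old));                 // copy of the earlier cookie
$store->revoke(42);
var_dump($store->matches(42, $cookie));              // after logout
```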