Hi everybody ,I’m here to discuss with you the approach in Yii2 authentication which i can list in 2 items:-
1- check the identity through session
2- if not check the identity through cookie and if present populate the identity
of course if the conditions are fulfilled such as enableCookieLogin …etc
I have some question concerning the concept of authentication:-
1- what if i want to logout someone when cookies is enabled ?
2- expiry time can be edited with ease in cookie isn’t ?
3- any considerations to use the secure cookie protocol ?
I am not sure about your concern with these questions.
that’s what Yii authentication component does by default, no?
You are logging him out. Even if the cookie stays on his computer he has to re-login, since his cookie is no more valid.
You can set the expired time. But don’t fully rely on this - browser may not obey your cookie
commands, or cookies may be faked.
Doesn’t that parameter do this?
I suggest you re-read authorization section in the manual.
thanks tebazil for reply, ok can you explain to me in code how to logout someone you want to ?
Did you read the guide?it explains it well with examples