I have great problem with Yii 1.1. I do a correct implementation of yii login functionnality. But i have one big problem: i use ids to detect intrusion, but if user connect him and active RememberMe, the application generated error. If i delete the rememberMe cookie stored in browser, the application work normally. Ids log in my database the following errors :
Total impact: 18<br/>
Affected tags: xss, csrf, sqli, id, lfi, rfe<br/>
<br/>
Variable: COOKIE.2241ce6d8ef77b83ee3ae5b3923f1b5e | Value: 063e26c822746d4ca73de947f67caac05926b2e2s:137:"3ce5823b8cf2a2e68a1eb7bf2a509adb9064c29fa:4:{i:0;s:2:"44";i:1;s:23:"test@gmail.com";i:2;i:2592000;i:3;a:1:{s:4:"role";s:1:"1";}}";<br/>
Impact: 18 | Tags: xss, csrf, sqli, id, lfi, rfe<br/>
Description: Detects self-executing JavaScript functions | Tags: xss, csrf | ID: 8<br/>
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43<br/>
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67<br/>
<br/>Centrifuge detection data<br/> Threshold: 3.49<br/> Ratio: 3.4<br/><br/>
Thanks!