Yii 1.1: token

token base datebase

This extension is create and validate token.



  • Yii 1.0 or above


  • Extract the release file under protected/components
  • Create table:
      id int(11) unsigned NOT NULL AUTO_INCREMENT,
      action varchar(100) DEFAULT NULL,
      identity char(32) NOT NULL,
      token char(32) DEFAULT NULL,
      data text,
      expire_time int(10) unsigned DEFAULT NULL,
      PRIMARY KEY (id)
  • Add componets in main.php

    'tokenManager'=>array( 'class'=>'TokenManager', ),


See the following code example: ~~~ * Create token

    $token = Yii::app()->tokenManager->create('actionName', array('Some Params'), 172800, array('Data saved in this token'));
  • Validate token *
    $data = Yii::app()->tokenManager->validate('actionName', $token);

Change Log

March 3, 2010

  • Initial release.

March 6, 2010

  • Add public $secretKey and delete SECRET_KEY

Total 4 comments

#10066 report it
Gerhard Liebenberg at 2012/10/03 06:28am
token_o.2 and TokenManager Question


Release 0.2 does not include the TokenManager file any more.

Are you first suppose to download 0.1.1 and then add 0.2 after that?

Or, are the Usage scripts on this page (referring to TokenManager) not valid any more?


#7157 report it
synapze at 2012/02/29 12:42am
Keep token alive

You might want the ability to keep the token alive so that it syncs with your applications timeout.

Add the following 2 functions in the Token class

     * Update a tokens expiry time
     * @param string $action - Token type name
     * @param string $token - Token string
     * @param var $time - New expire time to set
     * @return boolean
    public function keepAlive($action, $token, $time)
        $record = $this->find($action, $token);
        if(!$record instanceof TokenRecord || $record->token != $token)
            $this->deleteByTokenKey($action, $token);
            return false;
            $this->updateByTokenKey($action, $token, ($time+time()));
            return true;        
     * Update expiry by Token Key
     * @param string $action
     * @param string $tokenKey
     * @param string $newExpireTime
     * @return boolean
    protected function updateByTokenKey($action, $tokenKey, $newExpireTime)
        return TokenRecord::model()->updateAll(array('expire_time'=>$newExpireTime),'action = :action AND token = :token' ,array(':action'=>$action, ':token'=>$tokenKey));

Then in your application within the beforeAction call in your Controller you can keep the token alive by resetting its expire time and syncing it with your applications timeout:

Yii::app()->tokenManager->keepAlive('actionName', 'TOKEN' , Yii::app()->session->getTimeout());
#761 report it
Rosimildo at 2010/03/03 06:15am
How this compare with a cache

A cache allows you to store "named, value" pairs... and this seems to do the same. What is the difference and when I should use something like this ?

#762 report it
ScallioXTX at 2010/03/03 05:58am
Very nice!

Very nice extension. I was always doing this on a model-by-model basis, where I saved tokens within the model. This of course has the draw back that for every action a new column has to be defined for the tokens. Furthermore, my tokens were not time constrained, these tokens are :)

My one comment is that in the function createTokenKey you refer to the undefined constant SECRET_KEY. I made this $this->secretKey, which is a public variable of the class and defaults to 'secret'. This way this variable can be changed in the config file, so you can give every project another secret key (if you're kinda security paranoid like me :))

Leave a comment

Please to leave your comment.

Create extension
  • Yii Version: 1.1
  • License: New BSD License
  • Developed by: dongbeta
  • Category: Security
  • Votes: +3
  • Downloaded: 2,030 times
  • Created on: Mar 3, 2010
  • Last updated: Mar 6, 2010