Although Yii has measures to prevent the state cookie from being tampered on the client side, we strongly suggest that security sensitive information be not stored as states. Instead, these information should be restored on the server side by reading from some persistent storage on the server side (e.g. database).
[/i]
My question:
How do I restore this information on the server side?
Is it done in the CUserIdentity -> authenticate() method?
I’m trying to figure it out, but with no luck. I’m a newbie in this, btw.
I would also like to get data from the database after cookie-based auto login. As I figured out, WebUser should get the data, but I don’t know how to run getUser() function after cookie-based login?
The best would be to run authenticate before form login, and auto login, too. The thing is, if user’s password has been changed or it’s been blocked meantime it was not logged in, cookie-based login will grant the access without authenticating first.
