I am sorry, I think I am confused by these approaches. Can anyone provide some clarification if I am wrong?
1) In the UserIdentity class, after authentication we do `$this->_id=$user->user_id`. I see this gets stored in browser cookies. So whatever we store in the UserIdentity object gets stored in cookies? Is there any way to store it in a non-readable encrypted format?
2) `Yii::app()->session['var']`: this is for storing session-level variables or objects.
3) In the UserIdentity class we can also use `$this->setState`. Is this something different from the above two? Where does this information get stored?
All the data of your 3 cases is saved on the server. The client holds only the sessionId as an identifier to tell the server: "hey server, do you remember me? my identifier is <sessionId>".
1) The browser holds only the sessionId. Session data is saved at your server (file or database storage). So you don’t have to encrypt any.
2) Same as above: session data is not saved at the client side.
3) States work like the Yii session, but they are a piece of UserIdentity and are maintained with a bundle of useful methods.
Do you need more approaches? Make what you want to extend Yii for your own.
Thank you bn77 for the information. So there is no difference between the three approaches. The question came up because for the first one we have to extend CWebUser to store it, and for the others it is straightforward.
Anything you save through CUserIdentity::setState during authentication will be saved in a cookie, if cookie based login is enabled.
Anything you save through CWebUser::setState will be saved in user session. The session keys are prefixed, so when you call Yii::app()->user->logout(false), not the complete session is destroyed but only the states.
Apart from the above you still can access the session directly (or through Yii::app()->session which is equivalent).
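An added illustration for the cookie-based login case mentioned above (not part of the original posts and not Yii source code): a stand-alone PHP model of a cookie that is HMAC-signed but not encrypted. It assumes the remember-me cookie is integrity-protected rather than encrypted; the key, function names and sample states are constructed, and JSON is used for the payload to keep the model simple.

```php
<?php
// Added illustration, not Yii source. Models a cookie that carries identity
// states, signed with an HMAC but not encrypted. All values are constructed.

const SERVER_KEY = 'constructed-demo-key-never-sent-to-client';

// Server side: encode the identity data and prepend an HMAC (sign only).
function signCookie(array $data, string $key): string
{
    $payload = json_encode($data);
    return hash_hmac('sha256', $payload, $key) . $payload;
}

// Server side: return the data only if the HMAC matches, otherwise null.
function verifyCookie(string $cookie, string $key): ?array
{
    $mac     = (string) substr($cookie, 0, 64);   // sha256 hex digest length
    $payload = (string) substr($cookie, 64);
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;                              // tampered or wrong key
    }
    return json_decode($payload, true);
}

// Client side: reading the payload of a sign-only cookie needs no key.
function readWithoutKey(string $cookie): array
{
    return json_decode(substr($cookie, 64), true);
}

// States as an identity class might persist them via setState() (constructed).
$states = ['role' => 'editor', 'email' => 'alice@example.test'];
$cookie = signCookie([42, 'alice', 2592000, $states], SERVER_KEY);

// 1. Whoever holds the cookie can read every persisted state.
var_dump(readWithoutKey($cookie)[3]['email']);

// 2. Changing a state breaks the signature, so the server rejects the cookie.
$modified = str_replace('editor', 'admin!', $cookie);
var_dump(verifyCookie($modified, SERVER_KEY));

// 3. The untouched cookie still verifies and yields the stored name.
var_dump(verifyCookie($cookie, SERVER_KEY)[1]);
```

Under that assumption, signing protects the states from modification but not from being read, so values that must stay private belong in server-side storage (session or database) rather than in identity states.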
What’s the difference between these? I’ve noticed that if you set any states via CUserIdentity::setState(), you can access those via CWebUser::getState().
Also, if you use CUserIdentity::setState() to set a state, and then log out, it is no longer accessible via CWebUser::getState().
@jellysandwich: Yes, if you log out everything will be deleted and you can access any values.
CUserIdentity::setState() will be useful if you do authentication using a cookie, that is, if you use "Remember my password". You can access then after you login.