Yii Framework Forum: Security Issues With Useridentity And Cookies Solution - Yii Framework Forum

Security Issues With Useridentity And Cookies Solution

#1 amoocow

Posted 30 April 2013 - 04:05 PM

I want to be able to use cookies to allow autologin, but I don't want my primary key for the user table (id) to be stored in plaintext in the cookie, which is why I don't use the solution here: http://www.yiiframew...o-yii-app-user/

My solution to this is storing the user id in a session variable called 'userID'. I do this for autologin by making a custom class CustomUser that extends CWebUser and setting the session variable every time init() is called:

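	class CustomUser extends CWebUser 
	{
		public function init()
		{
			parent::init();

			// For a logged-in user (cookie autologin included), cache the primary key in the session.
			if(!$this->isGuest)
			{
				$model = User::model()->findByAttributes(array('email'=>$this->getName()));
				// findByAttributes() returns null when no row matches; skip instead of dereferencing null.
				if($model !== null)
				{
					Yii::app()->session['userID'] = $model->id;
				}
			}
		}
	}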



Then, I override my UserIdentity.getId() to return that session variable:

	// Return the primary key cached in the session by CustomUser::init().
	public function getId()
	{
		return Yii::app()->session['userID'];
	}



Does anyone see anything wrong with this? Is there some problem I'm missing? I'm new to PHP and Yii, so I don't want to be making some crucial mistake.

Thanks!