Yii Framework Forum: Security Of Cookie Based Login - Yii Framework Forum


Security Of Cookie Based Login

#1 slick1537


Posted 13 July 2013 - 08:34 AM

Hi all,

First off I would like to say Yii is a fantastic framework. I tried CakePHP and CodeIgniter before deciding on Yii because it's far superior. I am relatively new to web development and programming, and Yii is making it much easier; usually a quick Google search for a question I have yields the results I need. Now on to my question....

I am very very confused about implementing a cookie-based login. I have been following the guide listed here and have successfully been able to log in to a user account, compare password hashes, etc. The guide says not to store sensitive 'setState' information if using the 'remember me' option, as these values will be stored in a cookie.

Say for example we have a 'user_role' and a user could either be a regular user or an administrator. We wouldn't want the user manipulating the cookie and changing their role to administrator.

What is the safe way to persist this information so that 'user_role' can be used in my code after logging a user in, without having to keep making consecutive calls to the database to check a user's role?
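The concern raised in the post above, as an added example that is not part of the original thread and is not Yii's own code: the cookie carries only a user id protected by an HMAC, and the role is resolved on the server and cached in session data. The function names, the `SECRET_KEY` constant and the `$roles` array (a constructed stand-in for a users table) are assumptions made for this sketch.

```php
<?php
// Added example in plain PHP. Assumption: SECRET_KEY never leaves the server.
const SECRET_KEY = 'constructed-demo-key-change-me';

// Constructed stand-in for the users table (id => role).
$roles = [17 => 'user', 1 => 'admin'];

// Build a "remember me" cookie value that carries only the user id,
// followed by an HMAC so the server can detect any modification.
function makeLoginCookie(int $userId): string
{
    $payload = (string) $userId;
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the user id if the cookie is intact, or null if it was altered.
function readLoginCookie(string $cookie): ?int
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], SECRET_KEY);
    // hash_equals compares in constant time.
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// Resolve the role on the server: one lookup per session, then cached
// in server-side session data that the browser cannot edit.
function currentRole(array &$session, array $roles, string $cookie): ?string
{
    if (isset($session['user_role'])) {
        return $session['user_role'];
    }
    $userId = readLoginCookie($cookie);
    if ($userId === null || !isset($roles[$userId])) {
        return null;
    }
    return $session['user_role'] = $roles[$userId];
}

$session = [];                                      // stands in for $_SESSION
$cookie  = makeLoginCookie(17);
var_dump(currentRole($session, $roles, $cookie));   // role stored for user 17
// Constructed tampering: the id is edited, the HMAC no longer matches.
$forged   = '1.' . explode('.', $cookie, 2)[1];
$session2 = [];
var_dump(currentRole($session2, $roles, $forged));  // cookie is rejected
```

A role cached this way stays in effect until the session ends, so a role change in the database needs the cached value cleared or the session regenerated.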
