drmovi
(Drmovi)
September 5, 2014, 11:48am
1
Hi everybody ,I’m here to discuss with you the approach in Yii2 authentication which i can list in 2 items:-
1- check the identity through session
2- if not check the identity through cookie and if present populate the identity
of course if the conditions are fulfilled such as enableCookieLogin …etc
I have some question concerning the concept of authentication:-
1- what if i want to logout someone when cookies is enabled ?
2- expiry time can be edited with ease in cookie isn’t ?
3- any considerations to use the secure cookie protocol ?
tebazil
(Vasiliy Baukin)
September 5, 2014, 12:03pm
2
I am not sure about your concern with these questions.
I believe
that’s what Yii authentication component does by default, no?
drmovi:
1- what if i want to logout someone when cookies is enabled ?
2- expiry time can be edited with ease in cookie isn’t ?
3- any considerations to use the secure cookie protocol ?
You are logging him out. Even if the cookie stays on his computer he has to re-login, since his cookie is no more valid.
You can set the expired time. But don’t fully rely on this - browser may not obey your cookie commands
, or cookies may be faked.
Doesn’t that parameter do this?
tebazil
(Vasiliy Baukin)
September 5, 2014, 12:04pm
3
I suggest you re-read authorization section in the manual.
drmovi
(Drmovi)
September 5, 2014, 12:26pm
4
thanks tebazil for reply, ok can you explain to me in code how to logout someone you want to ?
evstevemd
(Stefano Mtangoo)
September 9, 2014, 6:06am
6
Did you read the guide?it explains it well with examples