[Y!!]

If I want to allow a user to stay (auto-) logged in for up to one year, do I really have to set the cookie lifetime of the session component to one year? That would mean any session remains valid for a year and that would result in a lot of trash. At this point I see no other solution? Or did I missed something?

[Y!!]

Anyone?

[dimis283]

At login model there is the code

public function authenticate($attribute,$params)
	{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year
       Yii::app()->user->login($identity,$duration);

I also extend the function authenticateByCookie().
I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?

[Y!!]

dimis283, on 08 January 2010 - 03:09 AM, said:

At login model there is the code

public function authenticate($attribute,$params)
	{....$duration=$this->rememberMe ? 3600*24*30 : 0;//// 30 days,set it for 1 year
       Yii::app()->user->login($identity,$duration);

I also extend the function authenticateByCookie().
I thing at cookie will be only the information of Yii::app()->user and not all the session.Is not it?

Well as far as I noticed the "autologin"-cookie stores the id of the current session. If the stored session id is not valid anymore (expired), autologin fails. Or is this not the case? I can't test at the moment.

[dimis283]

Me personally I extended the function authenticateByCookie() and I made there the validation.
I took that from here

[Y!!]

Alright I did obviously made a mistake when first testing this feature. Just tested again and it works without problems.

dimis283, on 08 January 2010 - 03:47 AM, said:

Me personally I extended the function authenticateByCookie() and I made there the validation.
I took that from here

Thanks for the hint, I will extend CUserIdentity and CWebUser.