What happens:
A user logs in using the "remind me" checkbox. Upon login I save a state indicating whether my user is an admin or not. If the user closes his browser and returns the next day, he is still logged in, but the application has forgotten that he is an admin.
My Model::Login method:
    public function login($hash = false)
    {
        if ($this->_identity === null)
        {
            $this->_identity = new UserIdentity($this->username, $this->password);
            if ($hash) {
                $this->_identity->authenticateHash();
            } else {
                $this->_identity->authenticate();
            }
        }
        if ($this->_identity->errorCode === UserIdentity::ERROR_NONE)
        {
            $duration = $this->rememberMe ? 3600 * 24 * 30 : 0; // 30 days
            Yii::app()->user->login($this->_identity, $duration);
            Yii::app()->user->setState('isAdmin', $this->_identity->isAdmin);
            return true;
        }
        else
        {
            return false;
        }
    }
My check to determine whether the user is an admin:
    public function accessRules()
    {
        return array(
            array('allow', // allow authenticated user to perform 'create' and 'update' actions
                'actions'=>array('index'),
                'users'=>array('@'),
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete' actions
                'actions'=>array('admin'),
                'expression' => '$user->getState("isAdmin")',
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
My session configuration:
    'session' => array(
        'class' => 'CHttpSession', //CDbHttpSession
        'timeout' => 3600 * 24 * 30,
        'autoStart' => true,
        //'sessionTableName' => 'session'
    ),
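
Added example, not part of the original post: a state set with `Yii::app()->user->setState()` after `login()` is stored in the PHP session, so a login restored from the remember-me cookie starts a new session without it. One way to rebuild the flag on every login is to re-read it server-side in `CWebUser::afterLogin()`, which keeps the authorization decision tied to the current database record rather than to anything carried by the client. Assumptions: `WebUser` is a hypothetical class name, `User` is a hypothetical `CActiveRecord` model with an `isAdmin` column, and `UserIdentity::getId()` returns that model's primary key.

```php
<?php
// Added example, not from the original post.
// Assumptions: User is a CActiveRecord model with an isAdmin column and
// UserIdentity::getId() returns its primary key. WebUser is a made-up name.
class WebUser extends CWebUser
{
    /**
     * Yii 1.1 calls afterLogin() after a form login ($fromCookie = false)
     * and after a login restored from the remember-me cookie
     * ($fromCookie = true), so the flag is rebuilt in both cases.
     */
    protected function afterLogin($fromCookie)
    {
        parent::afterLogin($fromCookie);

        // Read the role from the server-side record instead of relying on
        // a value carried over from an earlier session or from the cookie.
        $record  = User::model()->findByPk($this->getId());
        $isAdmin = $record !== null && (bool) $record->isAdmin;

        // Same state key the accessRules() expression already checks.
        $this->setState('isAdmin', $isAdmin);

        // Leave an audit trail when admin rights are granted to a session
        // that was restored from a cookie rather than from a password.
        if ($fromCookie && $isAdmin) {
            Yii::log(
                'Admin session restored from cookie for user id ' . $this->getId(),
                CLogger::LEVEL_INFO,
                'application.auth'
            );
        }
    }
}

// Registration in protected/config/main.php, inside 'components':
// 'user' => array(
//     'class'          => 'WebUser',
//     'allowAutoLogin' => true,
// ),
```

Because the flag is looked up again at each cookie login, a user whose admin rights were revoked in the database does not regain them from a 30-day cookie.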