Session forgets my values on logged in user

What happens:

A user logs in using the remind me checkbox. Upon login I save a state if my user is an admin or not. If the user closes his browser and returns the next day, he is still logged in, but the application forgot that he is an admin.

My Model::Login method

	public function login($hash = false)
	{
		if ($this->_identity === null)
		{
			$this->_identity = new UserIdentity($this->username, $this->password);

			if ($hash) {
				$this->_identity->authenticateHash();
			} else {
				$this->_identity->authenticate();
			}
		}

		if ($this->_identity->errorCode === UserIdentity::ERROR_NONE)
		{
			$duration = $this->rememberMe ? 3600 * 24 * 30 : 0; // 30 days
			Yii::app()->user->login($this->_identity, $duration);
			Yii::app()->user->setState('isAdmin', $this->_identity->isAdmin);
			return true;
		}
		else
		{
			return false;
		}
	}

My check to determine if the user is an admin

	public function accessRules()
	{
		return array(
			array('allow', // allow authenticated users to perform the 'index' action
				'actions'=>array('index'),
				'users'=>array('@'),
			),
			array('allow', // allow admin users to perform the 'admin' action
				'actions'=>array('admin'),
				'expression' => '$user->getState("isAdmin")',
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

My session configuration

		'session' => array(
			'class' => 'CHttpSession', //CDbHttpSession
			'timeout' => 3600 * 24 * 30,
			'autoStart' => true,
			//'sessionTableName' => 'session'
		),

This is normal. Session works until you close your browser. Admin flag should be obtained from database or other persistent storage.

Since when do sessions not survive a browser close? You can define per cookie if it is bound to the current session or has a lifetime, see "expire": http://php.net/manual/de/function.setcookie.php

I meant the default, of course: http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime. You may try setting the cookie lifetime via cookieParams.

rememberMe has nothing to do with session. It’s logging you in if the cookie is there. That’s it.

I have extended my cookie params, but it did not help.

		'session' => array(
			'class' => 'CHttpSession', //CDbHttpSession
			'timeout' => 3600 * 24 * 30,
			'autoStart' => true,
			'cookieParams' => [
				'lifetime' => 3600 * 24 * 30,
				'cookieMode' => 'only'
			]
		),

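Instead I have now extended my webuser to work around the issue.

    public function getState($key, $defaultValue = null)
    {
        if ($key == 'isAdmin' && $this->id) {
            // Read the flag from the database on every check instead of the session.
            $user = Verantwortlicher::model()->findByPk($this->id);

            // findByPk() returns null if the account no longer exists.
            return $user !== null ? $user->admin : $defaultValue;
        }

        return parent::getState($key, $defaultValue);
    }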
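
Added example, not part of the thread or of Yii itself: a `WebUser` that reloads the admin flag in `CWebUser::afterLogin()`, which Yii 1.1 calls after form logins and after remember-me cookie logins alike, so the flag is rebuilt from the database whenever the cookie starts a fresh session. It assumes Yii 1.1, the thread's `Verantwortlicher` model with its `admin` column, and `'class' => 'WebUser'` set on the `user` component.

```php
<?php
// Added example (not from the thread). Assumes Yii 1.1 and the thread's
// Verantwortlicher model with an `admin` column.
// config/main.php:
//   'user' => array('class' => 'WebUser', 'allowAutoLogin' => true),
class WebUser extends CWebUser
{
    /**
     * Called before a form login and before a cookie-based auto-login.
     * Returning false aborts the login.
     */
    protected function beforeLogin($id, $states, $fromCookie)
    {
        if (!parent::beforeLogin($id, $states, $fromCookie)) {
            return false;
        }

        // A 30-day remember-me cookie can outlive the account it was issued
        // for, so a cookie login is only restored if the row still exists.
        return !$fromCookie || Verantwortlicher::model()->findByPk($id) !== null;
    }

    /**
     * Called after every successful login; $fromCookie is true when the
     * login was restored from the remember-me cookie in a new session.
     */
    protected function afterLogin($fromCookie)
    {
        parent::afterLogin($fromCookie);

        // The privilege flag comes from the database, not from anything the
        // browser sent. It then lives in the session until the next login,
        // so a revoked admin keeps the flag until that session ends.
        $user = Verantwortlicher::model()->findByPk($this->getId());
        $this->setState('isAdmin', $user !== null && (bool) $user->admin);
    }
}
```

With this in place, the `setState('isAdmin', ...)` call in the login method above is redundant, and the `accessRules()` expression works unchanged.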