In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts.
To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
Info: As KCFinder's documentation mentions, if your application (Yii in our case) session handling is using the PHP environment configuration - meaning no change in session handling at all, then no change is needed also on KCFinder side to be able to use this session and thus have this simple interface between your Yii webapp and KCFinder. If that's your case then you probably need not read the rest of this article but rather just make sure that before a user attempts to upload or browse your server a session variable is already set for him (or her) with his specific configuration already waiting for KCFinder there. What can this session interface be useful for? For example, for having per-user upload directory. You could have uploadURL variable established in the session variable to contain the user's id. When an upload or browse use case will occur, the client side will trigger the KCFinder completely decoupled from the Yii application. Yet, since you've already synced your user-specific-configuration with KCFinder via the session, KCFinder will pick it up and use it.