Difference between #3 and #2 of How to add more information to Yii::app()->user

By default, the expression Yii::app()->user returns a [CWebUser] [application
component](http://www.yiiframework.com/doc/guide/basics.application#application-component)
which can be used to storerepresents the information that
are closely related with the current user and shoulduser. Some
information can be persistent throughout the current user session.
For example, [CWebUser] already comes with a [name|CWebUser::name]
property that stores the username of the current user.

In order to store more information, we need to modify the
[identity|IUserIdentity] class used together with [CWebUser]. Each application
may have one or several identity classes which are mainly responsible to provide
ways of performing user
[authentication](http://www.yiiframework.com/doc/guide/topics.auth). 

Here we use the `UserIdentity` class included in the `testdrive` application as
an example, assuming our goal is to add the ID and the last login time of the
user to [CWebUser]. We would modify `UserIdentity` as follows,

~~~
[php]
class UserIdentity extends CUserIdentity
{
	private $_id;
	
	public function authenticate()
	{
		$user=User::model()->findByAttributes(array('username'=>$this->username));
		if($user===null)
			$this->errorCode=self::ERROR_USERNAME_INVALID;
		else if($user->password!==md5($this->password))
			$this->errorCode=self::ERROR_PASSWORD_INVALID;
		else
		{
			$this->_id=$user->id;
			$this->lastLoginTime=$user->lastLoginTime;			$this->setState('lastLoginTime',
$user->lastLoginTime);
			$this->errorCode=self::ERROR_NONE;
		}
		return !$this->errorCode;
	}
	
	public function getId()
	{
		return $this->_id;
	}
	
	public function getLastLoginTime()
	{
		return $this->getState('lastLoginTime');
	}
	
	public function setLastLoginTime($value)
	{
		return $this->setState('lastLoginTime',$value);
	}	
}
~~~

In the aboveabove, during authentication we define a
`lastLoginTime` property with getter/setter methods.retrieve the ID
and the last login time information of the authenticated user. We
also overridesave the `getId()` method to
returnID in a private variable.variable `$_id`
and save `lastLoginTime` in a state by calling `setState()`. The reason
that thewe use different approaches to save `id`
property is not defined likeand `lastLoginTime` is because
`id` is a pre-defined property in [CUserIdentity] andthat
is recognized by [CWebUser]. If we needwant to
addstore more information, we should follow the way
of defininguse `setState()`, like we do with `lastLoginTime`.

InWe also override the `authenticate()` method, we
retrieve`getId()` method to return the user record
accordingprivate variable `$_id`. The parent implementation is
to return the provided username. We populate the `id`
and `lastLoginTime` properties if we find such a user record whose password
matches the provided password (meaning successful authentication).

That's all we need. Now if we want to retrieve the `id` or `lastLoginTime`
information in our code, we can do the following:

~~~
[php]
$id=Yii::app()->user->id;
$lastLoginTime=Yii::app()->user->getState('lastLoginTime');$lastLoginTime=Yii::app()->user->lastLoginTime;
// starting from 1.0.3If you canare using
version 1.0.2 or earlier, you should use the following:
//
$lastLoginTime=Yii::app()->user->lastLoginTime;$lastLoginTime=Yii::app()->user->getState('lastLoginTime');
~~~

> Note: When cookie-based authentication is enabled (by setting
[CWebUser::allowAutoLogin] to be true), these persistent information will be
stored in cookie. Therefore, you should NOT store sensitive information (e.g.
password) like we do in the above.