Difference between #3 and #2 of How to add more information to Yii::app()->user

How to add more information to Yii::app()->user
By default, the expression Yii::app()->user returns a [CWebUser] [application
which can be used to storerepresents the information that
are closely related with the current user and shoulduser. Some
information can be persistent throughout the current user session.
For example, [CWebUser] already comes with a [name|CWebUser::name]
property that stores the username of the current user.

In order to store more information, we need to modify the
[identity|IUserIdentity] class used together with [CWebUser]. Each application
may have one or several identity classes which are mainly responsible to provide
ways of performing user

Here we use the `UserIdentity` class included in the `testdrive` application as
an example, assuming our goal is to add the ID and the last login time of the
user to [CWebUser]. We would modify `UserIdentity` as follows,

class UserIdentity extends CUserIdentity
	private $_id;
	public function authenticate()
		else if($user->password!==md5($this->password))
			$this->lastLoginTime=$user->lastLoginTime;			$this->setState('lastLoginTime',
		return !$this->errorCode;
	public function getId()
		return $this->_id;
	public function getLastLoginTime()
		return $this->getState('lastLoginTime');
	public function setLastLoginTime($value)
		return $this->setState('lastLoginTime',$value);

In the aboveabove, during authentication we define a
`lastLoginTime` property with getter/setter methods.retrieve the ID
and the last login time information of the authenticated user. We
also overridesave the `getId()` method to
returnID in a private variable.variable `$_id`
and save `lastLoginTime` in a state by calling `setState()`. The reason
that thewe use different approaches to save `id`
property is not defined likeand `lastLoginTime` is because
`id` is a pre-defined property in [CUserIdentity] andthat
is recognized by [CWebUser]. If we needwant to
addstore more information, we should follow the way
of defininguse `setState()`, like we do with `lastLoginTime`.

InWe also override the `authenticate()` method, we
retrieve`getId()` method to return the user record
accordingprivate variable `$_id`. The parent implementation is
to return the provided username. We populate the `id`
and `lastLoginTime` properties if we find such a user record whose password
matches the provided password (meaning successful authentication).

That's all we need. Now if we want to retrieve the `id` or `lastLoginTime`
information in our code, we can do the following:

// starting from 1.0.3If you canare using
version 1.0.2 or earlier, you should use the following:

> Note: When cookie-based authentication is enabled (by setting
[CWebUser::allowAutoLogin] to be true), these persistent information will be
stored in cookie. Therefore, you should NOT store sensitive information (e.g.
password) like we do in the above.