Understanding Yii cookies and duration

Hello, I want to understand a few lines in the Yii framework that every default web application contains. These lines are from the LoginForm.php login() function. Here they are:




$duration=$this->rememberMe ? 3600*24*7 : 0; // 7 days

Yii::app()->user->login($this->_identity,$duration);

return true;



I want to secure my web applications, so I read a topic about Yii security. I changed my main config file and added "'enableCsrfValidation'=>true,". It was written there that if I want to secure cookies I must use


// retrieve the cookie with the specified name

$cookie=Yii::app()->request->cookies[$name];

$value=$cookie->value;

......

// send a cookie

$cookie=new CHttpCookie($name,$value);

Yii::app()->request->cookies[$name]=$cookie;

But I found different lines of code and I can’t find any similarities. I googled and found nothing about this case. So please help me to understand a little about it and help me to secure my cookies.

I think your authentication/login cookies are fine while you are using the default Yii CWebUser class (which you seem to be doing).

The author of the article is, in my opinion, talking about cookies in general. So don’t use the $_COOKIE global PHP var to access them. Use the Yii methods/objects quoted above when you use cookies :)

I hope that’s been helpful
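
An added example, not part of the original posts and not code from the Yii project: how the login duration from the question and the cookie collection from the quoted article fit together in a Yii 1.1 application. It assumes the site is served over HTTPS; the cookie name 'theme' and the two helper function names are hypothetical.

```php
<?php
// Part 1: excerpt of protected/config/main.php in a Yii 1.1 application.
// In the real file this array is returned: return array('components' => ...);
$config = array(
    'components' => array(
        'request' => array(
            // Reject POST requests that lack a valid CSRF token.
            'enableCsrfValidation' => true,
            // HMAC-sign cookies set through the cookie collection and drop
            // any incoming cookie whose signature does not verify.
            'enableCookieValidation' => true,
        ),
        'user' => array(
            // Required for login($identity, $duration) with $duration > 0.
            'allowAutoLogin' => true,
            // Attributes of the "remember me" cookie that CWebUser sends.
            // 'secure' assumes the site is served only over HTTPS.
            'identityCookie' => array('httpOnly' => true, 'secure' => true),
        ),
    ),
);

// Part 2: an application cookie of your own, sent through the Yii collection.
// The cookie name 'theme' and both function names are hypothetical.
function setThemeCookie($value)
{
    $cookie = new CHttpCookie('theme', $value);
    $cookie->expire = time() + 3600 * 24 * 7; // same 7 days as the login form
    $cookie->httpOnly = true;                 // not readable from JavaScript
    $cookie->secure = true;                   // sent over HTTPS only (assumed)
    Yii::app()->request->cookies['theme'] = $cookie;
}

function getThemeCookie($default = 'light')
{
    // A missing cookie, or one that failed validation, is absent from the
    // collection, so the lookup yields null rather than tampered data.
    $cookie = Yii::app()->request->cookies['theme'];
    return $cookie !== null ? $cookie->value : $default;
}
```

Reading `$_COOKIE['theme']` directly would skip the signature check that `enableCookieValidation` adds, which is the reason to go through `Yii::app()->request->cookies` for every cookie the application sets itself.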