For some applications it can be advantageous, for administrative reasons, to allow site administrators to log in as other users. This is sometimes called user impersonation or "becoming that user".
How many of us wonder how we can upgrade the website without hurting the operation of our WebApp?
What is required is simple: we just need to create a view that will be partially rendered by a call to a controller (using renderPartial) and make sure that the output is processed, by setting the corresponding parameter of the function to true. Everything will work as expected but...
This article is called an extended guide because there is already a security guide in the security section of the Yii tutorial. That guide, however, is not complete, in the sense that it does not draw developers' attention to some other common attacks: SQL injection and magic URL, which can be major vulnerabilities in you...