Good day.

I have a problem with authorization in Yii.

When logging in, I add the variable to the session. And the authorization goes on cookies and for a long time the variable in the session is lost. I do not want to write setState, since this variable is stored in cookies ...

Described messy, but in general, I think the problem is described.

Help solve - advise solution.

    2 answers 2

    Did not quite understand the question. User passes authorization - you record the status of this connection to the session (authorized, unauthorized) And the session value itself is transmitted via a cookie - right? look at the CwebUser code

    public function setState($key,$value,$defaultValue=null) { $key=$this->getStateKeyPrefix().$key; if($value===$defaultValue) unset($_SESSION[$key]); else $_SESSION[$key]=$value; }

    mean saves not in the cookie but in the session, but as already told you in the answer, the session also has a lifetime. It’s just that you can store cookies longer than the session. Therefore, when entering a nasayt, the following happens: the class receives cookies, and from there it takes a session — but the session is no longer there — therefore the user is unauthorized.

    • Upon successful authorization, I record additional parameters in the current session. And yii is not authorized on the basis of PHPSESSID with the connection of the desired session, but seems to take its variable, where it directly stores the user ID. Therefore, after a time, the session may die stupidly, but the user will remain authorized. In this case, the parameters saved in the session are lost. I reread everything, I just can’t find a normal authorization alternative in yii - org
    • Hmm Useful information. And why I did not immediately think to look into this class! Thank you! - org

    A session has such a concept as time_life, only the session identifier should be stored in cookies, and the session itself is stored on the server as files or in the database, depending on the selected adapter for session storage.