Hello.
There is a project on the Yii2 framework, and there you need to make sure that when the user exits on one device / browser, his authorization flies absolutely everywhere.
I rummaged and saw that the sessions are saved in the database, and when the user exits, the session that is attached to this user is cleared.
How to implement this?
Ricco381 Ricco381
321 one eleven
|
1 answer
Authentication in Yii2 works not only through sessions. There is also a \yii\web\User::$identityCookie cookie. If the session is deleted, or spoiled in time, the framework will restore user authentication through this same cookie. That is, first of all, you need to reset the cookie.
For validating user cookies, \yii\web\IdentityInterface::getAuthKey . On the database side, this is usually the auth_key field in the user table. Its contents need to be regenerated with a new random value.
And, then, if in your case the sessions are stored in a database, delete all sessions of a particular user. For this, the table with sessions must have a field with a user ID.
If built-in sessions are used, this can be avoided. The session itself will fade quickly enough.
KiTE KiTE
7,780 14 27
- does not work, several sessions are created for one user - Ricco381
- Should work. We disable user cookies + delete user sessions = profit. - KiTE
- It is possible an example, thanks! - Ricco381
|