Channel: Yii Framework Forum

Security Issues With Useridentity And Cookies Solution

I want to be able to use cookies to allow autologin, but I don't want my primary key for the user table (id) to be stored in plaintext in the cookie, which is why I don't use the solution here: http://www.yiiframework.com/wiki/6/how-to-add-more-information-to-yii-app-user/

My solution to this is storing the user id in a session variable called 'userID'. I do this for autologin by making a custom class CustomUser that extends CWebUser and setting the session variable every time init() is called:

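	class CustomUser extends CWebUser
	{
		public function init()
		{
			parent::init();

			// For a logged-in (or cookie-restored) user, look the record up by
			// the stored name (the email) and cache its primary key in the session.
			if(!$this->isGuest)
			{
				$model = User::model()->findByAttributes(array('email'=>$this->getName()));
				// findByAttributes() returns null when no row matches
				// (e.g. the account was deleted), so guard before dereferencing.
				if($model !== null)
				{
					Yii::app()->session['userID'] = $model->id;
				}
			}
		}
	}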



Then, I override my UserIdentity.getId() to return that session variable:

	public function getId()
	{
		return Yii::app()->session['userID'];
	}



Does anyone see anything wrong with this? Is there some problem I'm missing? I'm new to PHP and Yii, so I don't want to be making some crucial mistake.

Thanks!
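
An added example, not part of the original post and not Yii framework code: one common way to keep the primary key out of an autologin cookie is an opaque selector/validator token that is resolved to the user id on the server. The function names, the in-memory `$store` (standing in for a hypothetical token table) and the sample values are assumptions; `random_bytes()` requires PHP 7 or later.

```php
<?php
// Added example: opaque remember-me token, so the cookie never carries users.id.
// $store stands in for a hypothetical token table keyed by selector.

// Issue a token for $userId; returns the cookie value "selector:validator".
function issueAutologinToken(array &$store, $userId, $ttl, $now)
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half; only its hash is stored
    $store[$selector] = array(
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + $ttl,
    );
    return $selector . ':' . $validator;
}

// Resolve a cookie value to a user id, or null. Each token is single use.
function redeemAutologinToken(array &$store, $cookie, $now)
{
    $parts = explode(':', (string)$cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                // consumed whether or not it validates
    if ($row['expires'] < $now) {
        return null;                         // expired
    }
    // Constant-time comparison of the stored hash with the presented validator's hash.
    if (!hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['user_id'];
}

// Constructed sample run: first use, replay of the same cookie, tampered validator.
$store  = array();
$now    = time();
$cookie = issueAutologinToken($store, 42, 2592000, $now);
var_dump(redeemAutologinToken($store, $cookie, $now));
var_dump(redeemAutologinToken($store, $cookie, $now));
$cookie = issueAutologinToken($store, 42, 2592000, $now);
var_dump(redeemAutologinToken($store, $cookie . 'x', $now));
```

After a successful redeem the caller would store the returned id in the session and issue a fresh token; the cookie itself should be set with the HttpOnly and Secure flags.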
