Hi all!
I've followed the authentication tutorials here, but I wonder if Yii has a workaround for using both cookies and sessions for authentication. I want to allow use of the "remember me" button, but still save the roles, emails and such in sessions for security.
According to the Yii manual, CBaseUserIdentity::setState will use cookies if it's enabled, and use sessions if it's set to false.
I'm thinking about a solution where you save a sha1($username $password) in the cookie, and make a method that gathers the other information in an auto-load-if-logged-in sort of way, but I'm not sure how secure it is, and if it might put too much unnecessary stress on the DB server.
Has anyone made anything like that work, or have any ideas?
Edit: The tags turned out wrong, and I can't seem to edit them. "authentication" is spelled wrong, and it's also stuck together with the cookies tag.
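
A sketch of the "auto-load-if-logged-in" idea from the post, added here as an example and not part of the original post or of Yii: the cookie carries a random single-use token rather than a hash of the credentials, and roles and e-mail are loaded into the server-side session once per auto-login. The in-memory `$db` array, the function names and the sample user are constructed for illustration; this is plain PHP 7.1+ and uses no Yii API.

```php
<?php
// Added example: $db stands in for a users table and a remember-token table.
// All names and sample data are constructed for illustration.
$db = [
    'users'  => [7 => ['email' => 'alice@example.test', 'roles' => ['editor']]],
    'tokens' => [], // selector => [user_id, validator_hash, expires]
];

// Called after a successful password login with "remember me" ticked.
function issueRememberToken(array &$db, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, stored only as a hash
    $db['tokens'][$selector] = [
        'user_id'        => $userId,
        'validator_hash' => hash('sha256', $validator),
        'expires'        => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

// Called only when a request carries the cookie but has no authenticated session.
function loginFromCookie(array &$db, string $cookie, array &$session): bool
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return false;
    [$selector, $validator] = $parts;
    $row = $db['tokens'][$selector] ?? null;
    if ($row === null || $row['expires'] < time()) return false;
    // Constant-time comparison of the stored hash against the presented validator.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) return false;
    unset($db['tokens'][$selector]);         // single use: rotate on every auto-login
    $user = $db['users'][$row['user_id']];
    // Roles and e-mail are kept in the session only, never in the cookie.
    $session = ['user_id' => $row['user_id'], 'email' => $user['email'], 'roles' => $user['roles']];
    // The caller sends this replacement value with setcookie(), HttpOnly and Secure set.
    $session['next_cookie'] = issueRememberToken($db, $row['user_id']);
    return true;
}

$session = [];
$cookie  = issueRememberToken($db, 7);
var_dump(loginFromCookie($db, $cookie, $session));  // first use of a fresh token
var_dump($session['roles']);                        // roles loaded from $db into the session
var_dump(loginFromCookie($db, $cookie, $session));  // replay of the spent cookie
var_dump(loginFromCookie($db, 'bogus', $session));  // malformed cookie value
```

Because the token lookup runs only when no session exists yet, the database is queried once per restored session rather than on every request.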