问题
I print out the session ID like this:
<?php print YII::app()->session->sessionID; ?>
When I log-in and check my ID, it is something like: huh09vuo33scdlkmfuc8651t12, for example. If I log out and check again, my ID remains the same. However, if I then log back in again, the session ID changes!
My problem is that I have information in my session that I need to store in a cookie and reload after login. How can I uniquely establish that the user logged in is the correct user if his session ID changes?
回答1:
The component Yii::app()->user is a CWebUser instance, and CWebUser::logout(boolean $destroySession=true) documentation states:
$destroySession (boolean) whether to destroy the whole session. Defaults to true. If false, then clearStates will be called, which removes only the data stored via setState.
Actually, Yii::app()->user->logout(true) destroys the session, meaning that all the session information cannot be recovered, and it uses PHP's session unset and session destroy to unset all the session information and destroy the session ID information on the server respectively. but Yii::app()->user->logout(false) does not destroy the raw session information or unset the session ID, it only clears the session states, which is the information that Yii actually uses.. You could classify this as a "soft logout", since the raw session information is kept associated with the session and only the states are disassociated from the session ID, but the session ID remains untouched..
回答2:
Dont ask me how, but this fixed my problem:
I changed:
Yii::app()->user->logout();
to
Yii::app()->user->logout(false);
Maybe it will help someone else, or at least steer them in the right direction.
来源:https://stackoverflow.com/questions/15480229/preserve-session-on-logout-and-login