How does "Remember Me" come into being when Yii logs in?

I am generally clear about the principles of SESSION and COOKIE.

I asked my co-workers that it's best to "Remember Me" together with the table, but Yii doesn't use a watch.

Just want to know what's going on with Yii's internal implementation?

Reply content:

I am generally clear about the principles of SESSION and COOKIE.

I asked my co-workers that it's best to "Remember Me" together with the table, but Yii doesn't use a watch.

Just want to know what's going on with Yii's internal implementation?

Are you using YII1? If you keep looking down,
In the Yii source code framework/web/auth/CWebUser.php , the login method is as follows
The second parameter duration is whether to remember the settings, yii default generated form will be passed in 86400 is 30 days

 Public Function login ($identity, $duration =0) {$        id= $identity->getid ();        $states = $identity->getpersistentstates (); if ($this->beforelogin ($id, $states, False)) {$this->changeidentity ($id, $identity->getname (), $sta            TES); if ($duration >0) {if ($this->allowautologin) $this->savetocookie ($dur                ation); else throw new CException (Yii::t (' Yii ', ' {Class}.allowautologin must is set true in order to use cookie-            Based authentication. ', Array (' {class} ' =>get_class ($this))); if ($this->absoluteauthtimeout) $this->setstate (Self::auth_absolute_timeout_var, time () +            $this->absoluteauthtimeout);        $this->afterlogin (FALSE);    } return! $this->getisguest (); }

Note that the method, which saveToCookie relies on CSecurityManager The hashData method, continues to follow and can find CStatePersister some state information that depends on the store, and this information is usually located in /path/to/app/protected/runtime/state.bin .

Simply put, if you can't get what you want, state.bin you can't 程序路径 fake it.

The cookie remembers the account number, the database constructs one remembers the account number the table, when this computer accesses the time to send the cookie account number to the server, checks whether exists this account, skips the authentication password

