
View:

<?php
use yii\helpers\Html;
use yii\widgets\ActiveForm;

$modelLogin = new \app\models\LoginForm();
?>
<div class="auth_box">
    <?php $form = ActiveForm::begin([
        'id' => 'login-form',
        'action' => ['site/login'],
        'enableClientValidation' => false,
        'enableAjaxValidation' => true,
        //'options' => ['class' => 'form-horizontal'],
        'fieldConfig' => [
            'template' => "{input}\n<div class=\"form_error\">{error}</div>"
        ]
    ]); ?>

    <?= $form->field($modelLogin, 'username')->textInput(['placeholder' => 'Login']) ?>

    <?= $form->field($modelLogin, 'password')->passwordInput(['placeholder' => 'Password']) ?>

    <?= $form->field($modelLogin, 'rememberMe', [
        'template' => "{input}",
    ])->checkbox() ?>

    <?= Html::submitInput('Enter') ?>

    <?php ActiveForm::end(); ?>

    <a href="#" id="restore_password">I don't remember my password</a>
</div>

Controller:

public function actionLogin()
{
    if (!\Yii::$app->user->isGuest) {
        return $this->goHome();
    }

    $modelLogin = new LoginForm();

    if (Yii::$app->request->isAjax) {
        $modelLogin->load(Yii::$app->request->post());
        Yii::$app->response->format = Response::FORMAT_JSON;
        return ActiveForm::validate($modelLogin);
    } elseif ($modelLogin->load(Yii::$app->request->post()) && $modelLogin->login()) {
        return $this->goBack();
    }
}

Model, method login:

public function login()
{
    if ($this->validate()) {
        return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 365 : 0);
    } else {
        return false;
    }
}

When I check "remember me", my cookies look like this:

[image]

There is an _identity parameter.

When I don't check "remember me", my cookies look like this:

[image]

There is no _identity parameter.

In both cases I'm always authorized after reopening my browser.

Moe Far
Bohdan Vorona
  • Are you using Chrome? Chrome is known for not deleting session cookies, which would explain the fact of being always authorized after closing the browser (check http://stackoverflow.com/a/10772420/1235708). The _identity parameter is probably the cookie being used by Yii to store identity information for authenticating the user through cookies, which would explain the fact of only being set when you set the remember me checkbox. – bfilipesoares Jul 03 '15 at 11:37
  • @bfilipesoares Yes, Chrome. But... many people can use my Chrome =) – Bohdan Vorona Jul 03 '15 at 11:41
  • Yes, I get it... but no way around it... For you to logout the user (in chrome), you have to log him out server side (aka implicitly change/destroy his session). However, if you try in Firefox, after closing the window the user will not be authenticated when you open again. – bfilipesoares Jul 03 '15 at 13:19

1 Answer

You can change the session timeout in PHP to 1 minute or less.
Enable auto login. In the User class, override the afterLogin function to change the AuthKey on each auto login.

Ngô Văn Thao
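
One way to implement the auth-key rotation suggested in the answer above, as an added example that is not part of the original answer or of Yii itself. The class name `app\components\WebUser`, the `app\models\User` identity class in the config comment, and the `auth_key` column are assumptions.

```php
<?php

namespace app\components; // assumed namespace

use Yii;
use yii\db\ActiveRecord;

/**
 * Hypothetical user component that rotates the identity's auth key every
 * time a login is performed from the "_identity" (remember me) cookie.
 *
 * Register it in the application config (assumed names):
 *   'components' => [
 *       'user' => [
 *           'class' => 'app\components\WebUser',
 *           'identityClass' => 'app\models\User',
 *           'enableAutoLogin' => true,
 *       ],
 *   ],
 */
class WebUser extends \yii\web\User
{
    protected function afterLogin($identity, $cookieBased, $duration)
    {
        // $cookieBased is true only when Yii logged the user in from the
        // identity cookie, not from the login form.
        if ($cookieBased && $identity instanceof ActiveRecord) {
            // Assumption: getAuthKey()/validateAuthKey() on the identity
            // model read the `auth_key` column.
            $identity->updateAttributes([
                'auth_key' => Yii::$app->security->generateRandomString(),
            ]);

            // Any cookie issued before this point carries the old key and
            // would fail validateAuthKey() on the next visit, so send a
            // fresh one with the new key.
            if ($duration > 0) {
                $this->sendIdentityCookie($identity, $duration);
            }
        }

        parent::afterLogin($identity, $cookieBased, $duration);
    }
}
```

Because the key is stored once per user, each rotation also invalidates remember-me cookies held by that user's other browsers. A copied `_identity` cookie stops working as soon as the legitimate browser performs its next auto login.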