Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
Yii Framework Wiki
Wiki articles tagged with "session"
Showing 1-7 of 7 items.
Make the authentication more securely
Created 10 years ago by Kostas Apazidis (KonApaz),
updated 10 years ago by Kostas Apazidis (KonApaz).
1 comment
Checking for "expired" sessions/logins on the client side
Getting "Expired token" errors ? Here is a solution to avoid invalid CSRF on POST or ajax requests, or user identity changes.
Show captcha after <N> unsuccessfull attempts
In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts. To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
Using loginRequiredAjaxResponse to solve ajax session timeout
This solution requires Yii 1.1.9 or above
Manage (Target) Language in Multilingual Applications + A Language Selector Widget (i18n)
In case of a multilingual application, one might consider it a reasonable approach to store the preferred language of the user in a session variable, and after that, every time a page is requested, to check this session variable and render the page in the indicated language.
This tutorial shows a Yii-way of doing this.
We implement an event handler for the onBeginRequest event; as the nam...
How to validate CSRF token with session
First of all, You must change component config to enable the default Yii CSRF validation.
Single sign on across multiple subdomains
This had me stumped for a while so I figured it would be nice to share here to avoid others the grief.