CWebUser represents the persistent state for a Web application user.

CWebUser is used as an application component whose ID is 'user'. Therefore, at any place one can access the user state via Yii::app()->user. CWebUser should be used together with an {@link IUserIdentity identity} which implements the actual authentication algorithm. A typical authentication process using CWebUser is as follows:
  1. The user provides information needed for authentication.
  2. An {@link IUserIdentity identity instance} is created with the user-provided information.
  3. Call {@link IUserIdentity::authenticate} to check if the identity is valid.
  4. If valid, call {@link CWebUser::login} to login the user, and Redirect the user browser to {@link returnUrl}.
  5. If not valid, retrieve the error code or message from the identity instance and display it.
The property {@link id} and {@link name} are both identifiers for the user. The former is mainly used internally (e.g. primary key), while the latter is for display purpose (e.g. username). The {@link id} property is a unique identifier for a user that is persistent during the whole user session. It can be a username, or something else, depending on the implementation of the {@link IUserIdentity identity class}. Both {@link id} and {@link name} are persistent during the user session. Besides, an identity may have additional persistent data which can be accessed by calling {@link getState}. Note, when {@link allowAutoLogin cookie-based authentication} is enabled, all these persistent data will be stored in cookie. Therefore, do not store password or other sensitive data in the persistent storage. Instead, you should store them directly in session on the server side if needed.


Displaying 1-10 of 13 results.
allowAutoLogintrueWhether to enable cookie-based login. Defaults to false.boolean
guestName'Guest'The name for a guest user. Defaults to 'Guest'. This is used by {@link getName} when the current user is a guest (not authenticated).string
loginUrlarray ( '/site/login', )The URL for login. If using array, the first element should be the route to the login action, and the rest name-value pairs are GET parameters to construct the login URL (e.g. array('/site/login')). If this property is null, a 403 HTTP exception will be raised instead. @see CController::createUrlstring|array
identityCookienullThe property values (in name-value pairs) used to initialize the identity cookie. Any property of {@link CHttpCookie} may be initialized. This property is effective only when {@link allowAutoLogin} is true.array
authTimeoutnullTimeout in seconds after which user is logged out if inactive. If this property is not set, the user will be logged out after the current session expires (c.f. {@link CHttpSession::timeout}). @since 1.1.7integer
autoRenewCookiefalseWhether to automatically renew the identity cookie each time a page is requested. Defaults to false. This property is effective only when {@link allowAutoLogin} is true. When this is false, the identity cookie will expire after the specified duration since the user is initially logged in. When this is true, the identity cookie will expire after the specified duration since the user visits the site the last time. @see allowAutoLogin @since 1.1.0boolean
autoUpdateFlashtrueWhether to automatically update the validity of flash messages. Defaults to true, meaning flash messages will be valid only in the current and the next requests. If this is set false, you will be responsible for ensuring a flash message is deleted after usage. (This can be achieved by calling {@link getFlash} with the 3rd parameter being true). @since 1.1.7boolean
loginRequiredAjaxResponsenullValue that will be echoed in case that user session has expired during an ajax call. When a request is made and user session has expired, {@link loginRequired} redirects to {@link loginUrl} for login. If that happens during an ajax call, the complete HTML login page is returned as the result of that ajax call. That could be a problem if the ajax call expects the result to be a json array or a predefined string, as the login page is ignored in that case. To solve this, set this property to the desired return value. If this property is set, this value will be returned as the result of the ajax call in case that the user session has expired. @since 1.1.9 @see loginRequiredstring
behaviorsarray()The behaviors that should be attached to this component. The behaviors will be attached to the component when {@link init} is called. Please refer to {@link CModel::behaviors} on how to specify the value of this property.array
idnullThe unique identifier for the user. If null, it means the user is a guest.mixed