CWebUser

CWebUser represents the persistent state for a Web application user.

CWebUser is used as an application component whose ID is 'user'. Therefore, at any place one can access the user state via Yii::app()->user. CWebUser should be used together with an {@link IUserIdentity identity} which implements the actual authentication algorithm. A typical authentication process using CWebUser is as follows:

1. The user provides information needed for authentication.
2. An {@link IUserIdentity identity instance} is created with the user-provided information.
3. Call {@link IUserIdentity::authenticate} to check if the identity is valid.
4. If valid, call {@link CWebUser::login} to login the user, and Redirect the user browser to {@link returnUrl}.
5. If not valid, retrieve the error code or message from the identity instance and display it.

The property {@link id} and {@link name} are both identifiers for the user. The former is mainly used internally (e.g. primary key), while the latter is for display purpose (e.g. username). The {@link id} property is a unique identifier for a user that is persistent during the whole user session. It can be a username, or something else, depending on the implementation of the {@link IUserIdentity identity class}. Both {@link id} and {@link name} are persistent during the user session. Besides, an identity may have additional persistent data which can be accessed by calling {@link getState}. Note, when {@link allowAutoLogin cookie-based authentication} is enabled, all these persistent data will be stored in cookie. Therefore, do not store password or other sensitive data in the persistent storage. Instead, you should store them directly in session on the server side if needed.