Khalid Al-Mutawa
Reputation: 869
Yii2 - User Identity Secure?
Is there any way a user can force switch his Yii::$app->user->identity without logging into another account?
During development I was logged in as user id #1. I made some design changes to the view then hit refresh then I was suddenly logged in as user id #3 (which I don't have the access details for)
I relogged and tried replicating the issue but it never happened again
Upvotes: 0
Views: 274
Answers (2)
Eduardo
Reputation: 1831
Maybe you opened another session in other tab or window. Probably that was the issue. It never happened to me. If you want to force it you can use:
http://www.yiiframework.com/doc-2.0/yii-web-user.html#switchIdentity()-detail
I have never use it personally, but it is available.
Upvotes: 0
Related Questions
- Yii2: how to use different auth methods in API
- yii2 disable inbuilt authentication
- Yii2 Rest API user authentication
- Yii2: Simultaneous authentication between frontend and API
- What authentication should I use in an api developed with Yii 2?
- yii2 Useage of user identity in index page
- Yii2 Username and password encryption
- Yii 2.0 authentication in UserIdentity without database
- How do I implement my own authentication in Yii2?
- Yii Framework & user authentication