Question:
I did some research on the standard example and found out that the validateAuthKey() function is not called at all. Why is it needed then, how to call it correctly, how to work with it correctly?
public function validateAuthKey($authKey)
{
Yii::info('test ================');
return $this->authKey === $authKey;
}
Answer:
validateAuthKey() validates $authKey – the hash stored in the cookie. Called for cookie authentication in yii\web\User::loginByCookie when $enableAutoLogin = true
protected function loginByCookie()
{
...
if ($identity->validateAuthKey($authKey)) {
if ($this->beforeLogin($identity, true, $duration)) {
$this->switchIdentity($identity, $this->autoRenewCookie ? $duration : 0);
$ip = Yii::$app->getRequest()->getUserIP();
Yii::info("User '$id' logged in from $ip via cookie.", __METHOD__);
$this->afterLogin($identity, true, $duration);
}
}
...
}