yii2 terminate

Terminate user by session and cookie (auth_key)


I want to terminate a user that logs in using one username. I save the session in MongoDB, delete the session and change auth_key in the MySQL user table, and that user is thrown out of the site. But I have a problem: when I change the auth key, all those users who checked "remember me" are thrown out of the site, logged out. I store auth_key in the MongoDB session DB in a different way. At first I saved the auth key this way (web.php):

    'session' => [
        'class' => 'yii\mongodb\Session',
        // writeCallback is invoked on every session write
        'writeCallback' => function ($session) {
            return [
                'user_id' => Yii::$app->user->id,
                'agent' => Yii::$app->request->getUserAgent(),
                'ip' => Yii::$app->request->getUserIP(),
                // a new random value is generated each time the callback runs
                'auth_key' => Yii::$app->security->generateRandomString(),
            ];
        },
    ],

But this has a problem: on each page refresh the auth_key is regenerated.

Another way I did it: I overrode the method after login, but that has a problem: sometimes the auth_key is saved but sometimes not.

What can I do to avoid this problem? And what's your suggestion about this way? Is it correct?


Solution

  • You must not use auth_key in writeCallback. It is regenerated on every page refresh.
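
The following is an added example, not part of the original question or answer: a writeCallback that stores only per-request metadata, plus a helper that ends a user's sessions by deleting their MongoDB session documents and rotates auth_key once, at termination time. The helper name `terminateUserSessions`, the model `app\models\User` with an `auth_key` column checked by `validateAuthKey()`, and the default `mongodb` component and `session` collection are assumptions.

```php
<?php
// Added example (not from the original post). Fragment of config/web.php.
$config = [
    'components' => [
        'session' => [
            'class' => 'yii\mongodb\Session',
            // Called on every session write, i.e. on every request, so it
            // stores only per-request metadata and never generates a secret.
            'writeCallback' => function ($session) {
                $id = Yii::$app->user->id; // null for guests
                return [
                    // MongoDB matches by type; store the id as a string so
                    // the lookup below finds it regardless of the DB driver.
                    'user_id' => $id === null ? null : (string) $id,
                    'agent'   => Yii::$app->request->getUserAgent(),
                    'ip'      => Yii::$app->request->getUserIP(),
                ];
            },
        ],
    ],
];

/**
 * Hypothetical helper: end all server-side sessions of one user.
 * Returns the number of session documents removed.
 */
function terminateUserSessions($userId, $rotateAuthKey = false)
{
    // Assumes the defaults: 'mongodb' connection, 'session' collection.
    $removed = Yii::$app->mongodb
        ->getCollection('session')
        ->remove(['user_id' => (string) $userId]);

    if ($rotateAuthKey) {
        // Rotating auth_key once, here, invalidates every "remember me"
        // cookie issued for this account (assumed model: app\models\User).
        $user = \app\models\User::findOne($userId);
        if ($user !== null) {
            $user->auth_key = Yii::$app->security->generateRandomString();
            $user->save(false, ['auth_key']);
        }
    }
    return $removed;
}
```

Without `$rotateAuthKey`, only the server-side sessions are removed, so a browser that still holds a valid "remember me" cookie is logged back in on its next request.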