[FIXED] Yii2: Why is the auth key in class User?

Issue

As the title clarifies why is the auth key introduced in Yii2? What're it's main usages and how it is useful in authentication?

Solution

The main use is to authenticate the user by cookie. When you choose to be remembered at Login, this is how you are remembered. The system has to identify and login you somehow. It can either save your username and password in a cookie (that would be unsafe) or it can remember you by other means. This is one of the means. After you login into your Yii application take a look at the _identity cookie that it creates, You will see that the auth_key is part of the cookie.

The cookie actually remembers the $id the $authKey and the $duration, an id\auth_key combination is safer to remember then a username/password one.

Answered By - Mihai P.