protected function changeIdentity($id, $name, $states) { //force regeneration of session id to avoid bug in CWebUser where empty phpsessionid will not be regenerated session_regenerate_id(true); parent::changeIdentity($id, $name, $states); }