Verify email address operation should not log in the user

[SOHELAHMED7]

Verify email address operation should not log in the user.

Yii::$app->user->login($user) should be removed from

yii2-app-advanced/frontend/controllers/SiteController.php

Line 230 in 9117802

if (($user = $model->verifyEmail()) && Yii::$app->user->login($user)) {

Only email verification should be done. Once it is verified user should manually login at login page

Additional info

Q	A
Yii version
PHP version
Operating system

[mtangoo]

But it is a template that someone is supposed to adopt to his own need. One will want auto login and another not wanting it, can remove. Can you explain why is it a problem?

I think adding documentation should be enough as we cannot cater every possible use case

[SOHELAHMED7]

There is no problem in existing way. I would say better way is to not automatically log in the user. User can login only if password is provided (login form). Most of the web apps does not automatically log in the user. It just verifies the email address.

[mtangoo]

I will remove it and document it for those who want to login automatically. What do you think @yiisoft/core-developers

[mtangoo]

@bizley @rhertogh

[machour]

I think this really boils down to a personal preference. I'd leave the template as it is and as it have been functioning for years.

[mtangoo]

I think this really boils down to a personal preference. I'd leave the template as it is

In this case we should put a note to the documentation on the default behavior of the verify so that one cannot be surprised by the current behaviour (Especially new comers).

What do you think of that?

[bizley]

I would remove the login() step it. It will not affect existing apps and new projects will be safer after the change.

[mtangoo]

Let us continue discussion if any on #557