Yii 2.0: Yii2: Configuring different sessions for backend and frontend in Yii Advanced Application Template


This is an extension of this wiki by Kartik V, which shows how to make different enableAutoLogin cookies for the frontend and backend.

What else is needed

That leaves us in a situation where, if either the backend or the frontend is already signed in and we open another window or tab for the other, it gets signed in automatically, because the session cookie is the same.

So, here we add a session component in the backend and frontend configuration files. In addition, we need to create custom folders named 'tmp' (or whatever name suits you) in the backend folder and the frontend folder respectively.

Backend Config

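'components' => [
    'session' => [
        // Session cookie name used only by the backend
        'name' => 'PHPBACKSESSID',
        // Session files are stored in the backend's own tmp folder
        'savePath' => __DIR__ . '/../tmp',
    ],
],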

Frontend Config

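'components' => [
    'session' => [
        // Session cookie name used only by the frontend
        'name' => 'PHPFRONTSESSID',
        // Session files are stored in the frontend's own tmp folder
        'savePath' => __DIR__ . '/../tmp',
    ],
],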

Now, you can have different sessions for frontend and backend in the same browser.
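
The following added example (not part of the original wiki or of Yii) models the browser's cookie path matching from RFC 6265 to show which session cookies reach each application with a shared cookie name, with the distinct names configured above, and with a path-scoped backend cookie. It assumes both applications share one host with the backend served under `/backend`; the request paths and cookie jars are constructed.

```php
<?php
// Added example: models RFC 6265 cookie path matching to show which session
// cookies a browser attaches to frontend and backend requests.

// RFC 6265 section 5.1.4: does the request path match the cookie's Path?
function pathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strpos($requestPath, $cookiePath) !== 0) {
        return false;
    }
    // A prefix match counts only on a "/" boundary: "/backend" does not match "/backend2".
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Names of the cookies in $jar that would be sent with a request for $requestPath.
function cookiesSent(array $jar, string $requestPath): array
{
    $sent = [];
    foreach ($jar as $cookie) {
        if (pathMatches($requestPath, $cookie['path'])) {
            $sent[] = $cookie['name'];
        }
    }
    return $sent;
}

// Constructed cookie jars. Assumption: one host, frontend at "/", backend at "/backend".
$scenarios = [
    'shared name, default path' => [['name' => 'PHPSESSID', 'path' => '/']],
    'distinct names, default path' => [
        ['name' => 'PHPFRONTSESSID', 'path' => '/'],
        ['name' => 'PHPBACKSESSID', 'path' => '/'],
    ],
    'distinct names, backend path scoped' => [
        ['name' => 'PHPFRONTSESSID', 'path' => '/'],
        ['name' => 'PHPBACKSESSID', 'path' => '/backend'],
    ],
];

foreach ($scenarios as $label => $jar) {
    echo $label, PHP_EOL;
    foreach (['/site/index', '/backend/site/index'] as $requestPath) {
        echo '  ', $requestPath, ' <- ', implode(', ', cookiesSent($jar, $requestPath)), PHP_EOL;
    }
}
```

In the second scenario both cookies still travel to both applications; only the third keeps `PHPBACKSESSID` out of frontend requests, while the root-scoped frontend cookie continues to reach the backend.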

Total 2 comments

#18455
hrnair at 2014/10/31 11:03pm
Adding cookie path

@le_top, thanks, I did not have to use this in Yii 1.1. But for a requirement in a new Yii2 project, where the advanced template backend was supposed to be used exclusively for admin purposes, I wanted this situation. Still, as per the above wiki, the backend session cookie was found accessible to the frontend. So we need to add the path, and now that is OK.

'components' => [
        'session' => [
            'name' => 'PHPBACKSESSID',
            'savePath' => __DIR__ . '/../tmp',
            'cookieParams' => [
                'path' => '/path/to/backend', // URL path of the backend (placeholder), not a full URL
            ],
        ],
    ],

#18454
le_top at 2014/10/31 03:30pm
I use different 'id's for this:

I also have different 'id's:

'id'=>($isAdmin?'8ef5061c':'c1605fe8'),

And here is my session configuration. The commented options were probably used with the standard session implementation (I use the CDbHttpSession).

'session'=>array(
                        'sessionName'=>$isAdmin?"adminSession":"PHPSESSID",
                        'class'=>'CDbHttpSession',
                        'autoCreateSessionTable'=>true,
                        'connectionID'=>'db',
                        //'useTransparentSessionID' =>isset($_POST['PHPSESSID']) ? true : false,
                        //'cookieMode'=>'none',
                        'timeout'=>$isAdmin?10*3600:24*3600,
                ),
