
Yii2 - Working With Multiple Backends - Session and Cookies

Let me tell you the case. Basically, I have separate backends in the Yii2 advanced template. Why? This is the reason:

My office has a lot of branch offices in a country, with a lot of departments in each branch.

These departments, I interpret them as modules. The department name is the same, but sometimes they have a lot of different behaviours.

For example, an admin in headquarters can erase an employee name in a branch office, but a branch office admin cannot.

So, I chose to separate them into a backend folder each, like this:

backend  (which is portal branch and also super-admin backend)
  -modules
    -human_resource

backend-jkt (which is Jakarta Indonesia backend)
  -modules
    -human_resource

[image]

My question is:

When a user successfully logs in to backend, and then I create a link to backend-jkt, it is automatically logged in also.

And vice versa,

When people go directly to backend-jkt but are not logged in to backend, it automatically redirects to backend's login.

Now my situation is: when a user is logged in to backend, then clicks the link "Jakarta" as in the image above, the user has to sign in again.

This is my config in backend:

<?php
$params = array_merge(
    require __DIR__ . '/../../common/config/params.php',
    require __DIR__ . '/../../common/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);

return [
    'id' => 'app-backend',
    'name' => 'Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => '\hscstudio\mimin\Module',
        ],
        'SuperAdmin' => [
            'class' => 'backend\modules\super_admin\SuperAdmin',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],

        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [

                ],
            ],
        ],

        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],

        'urlManagerBackendJkt' => [
            'class' => 'yii\web\UrlManager',
            'baseUrl' => '/backend-jkt/web/',

            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
                'http://jkt.tresnamuda.local/' => '@app/index',
            ],
        ],
        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],

    ],
    'as access' => [
        'class' => '\hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];

And this is the backend-jkt:

<?php
$params = array_merge(
    require __DIR__ . '/../../backend/config/params.php',
    require __DIR__ . '/../../backend/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);

return [
    'id' => 'app-backend_jkt',
    'name' => 'Jkt Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend_jkt\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => '\hscstudio\mimin\Module',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],

        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [

                ],
            ],
        ],

        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],

        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],

    ],
    'as access' => [
        'class' => '\hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];

Your question is about cookies, which are placed in the user's browser separated by domain and path, so you have to store it for the next domain path. I recommend that, after clicking Jakarta, you send the user-id and private-key to Jakarta and there force the login of that user-id with a simple command:

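// 'privateKey' is a hypothetical params entry holding the key shared by both backends
$request = Yii::$app->request;
$userId = $request->post('user-id');
$privateKey = (string) $request->post('private-key');

// Log in only when the private key is OK and a user-id arrived by POST
if ($userId !== null && hash_equals(Yii::$app->params['privateKey'], $privateKey)) {
    $user = User::findOne($userId);
    if ($user !== null) {
        Yii::$app->getUser()->login($user);
    }
}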

The private-key can be simple or advanced, which is how you can increase your security; you may leave it out and just check whether you have a user-id or not!
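One way to carry the login from backend to backend-jkt, as described in the answer above, is a signed, short-lived handoff token, so the receiving side never trusts a bare user ID. This is an added example, not code from the original post; the function names, the token layout and the sample key and user ID are assumptions constructed for illustration.

```php
<?php
// Added example: signed, expiring login handoff between two backends.
// issueHandoffToken() / verifyHandoffToken() and the "id.expiry.mac" layout
// are hypothetical names and formats, not part of Yii2.

function issueHandoffToken(int $userId, string $sharedKey, int $ttl = 30, ?int $now = null): string
{
    $now = $now ?? time();
    $payload = $userId . '.' . ($now + $ttl);
    // The MAC binds the user ID to the expiry time under the shared key.
    return $payload . '.' . hash_hmac('sha256', $payload, $sharedKey);
}

/** Returns the user ID if the token is authentic and unexpired, otherwise null. */
function verifyHandoffToken(string $token, string $sharedKey, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // wrong shape
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expires, $sharedKey);
    if (!hash_equals($expected, $mac)) {
        return null; // forged or modified token
    }
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null; // malformed fields
    }
    if ((int) $expires < ($now ?? time())) {
        return null; // expired; the short lifetime bounds replay
    }
    return (int) $userId;
}

// Constructed sample values, for demonstration only.
$key = 'constructed-demo-key';
$token = issueHandoffToken(42, $key);

var_dump(verifyHandoffToken($token, $key));                   // valid token
var_dump(verifyHandoffToken('43' . substr($token, 2), $key)); // user ID altered
var_dump(verifyHandoffToken($token, 'some-other-key'));       // wrong key
var_dump(verifyHandoffToken($token, $key, time() + 60));      // checked after expiry

// In backend-jkt, a non-null result would feed the calls shown in the answer:
//   $user = User::findOne($id);  Yii::$app->getUser()->login($user);
```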
