
Yii2 - Bad Request (#400) | Frontend and backend cookies

The issue appears only when I open frontend and backend in the same browser.

Scenario:

Interact with Backend -> Switched Tab -> Interact with Frontend -> Switched Tab Back -> Interact with Backend -> Bad Request (#400)

Cookie Backend

'identityCookie' => [
    'name' => '_backendIdentity',
    'path' => '/admin',
    'httpOnly' => true,
],

Cookie Frontend

'identityCookie' => [
    'name' => '_frontendIdentity',
    'path' => '/',
    'httpOnly' => true,
],

Session Backend

'session' => [
    'name' => 'session_backend'
],

Session Frontend

'session' => [
    'name' => 'session_frontend'
],

Thanks to @indra shastri

For those who are facing the same issue:

Adding the following resolved my problem.

Backend config/main.php

'request' => [
    'cookieValidationKey' => '[DIFFERENT UNIQUE KEY]',
    'csrfParam' => '_backendCSRF',
],

Frontend config/main.php

'request' => [
    'cookieValidationKey' => '[RANDOM KEY HERE]',
    'csrfParam' => '_frontendCSRF',
],

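The CSRF differs between the frontend and the backend, so when the browser storing the same application's session holds 2 different CSRF values, one of the applications receives Bad Request (#400).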
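
Why the tab-switching scenario ends in a 400, as an added example that is not part of the original posts and is not Yii2's own code: a simplified PHP model of two apps on one host that sign a CSRF cookie with different validation keys. It assumes both apps start from Yii2's default csrfParam of `_csrf` with the CSRF cookie on a shared path; the keys and the helper names (signCookie, readCookie, renderForm, handlePost, scenario) are constructed for the demonstration.

```php
<?php
// Added illustration, not Yii2 source: a simplified model of HMAC-signed cookies.
// Keys, tokens and function names are constructed for this demo.

function signCookie(string $value, string $key): string
{
    return hash_hmac('sha256', $value, $key) . $value;   // MAC prefix + payload
}

function readCookie(?string $signed, string $key): ?string
{
    if ($signed === null || strlen($signed) < 64) {
        return null;
    }
    [$mac, $value] = [substr($signed, 0, 64), substr($signed, 64)];
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

// Render a form: reuse the token from a cookie this app can validate, otherwise
// issue a new one. The jar is keyed by cookie name only, modelling two apps on
// one host whose CSRF cookies share the same path.
function renderForm(array $app, array &$jar): string
{
    $token = readCookie($jar[$app['csrfParam']] ?? null, $app['key']);
    if ($token === null) {
        $token = bin2hex(random_bytes(16));
        $jar[$app['csrfParam']] = signCookie($token, $app['key']);
    }
    return $token;
}

// Handle a POST: the submitted token must match the validated cookie value.
function handlePost(array $app, array $jar, string $submitted): int
{
    $stored = readCookie($jar[$app['csrfParam']] ?? null, $app['key']);
    return ($stored !== null && hash_equals($stored, $submitted)) ? 200 : 400;
}

function scenario(string $backendParam, string $frontendParam): int
{
    $backend  = ['csrfParam' => $backendParam,  'key' => 'constructed-backend-key'];
    $frontend = ['csrfParam' => $frontendParam, 'key' => 'constructed-frontend-key'];
    $jar = [];
    $backendToken = renderForm($backend, $jar);        // interact with backend
    renderForm($frontend, $jar);                       // switch tab, use frontend
    return handlePost($backend, $jar, $backendToken);  // switch back, submit
}

echo 'shared _csrf name:  ', scenario('_csrf', '_csrf'), PHP_EOL;
echo 'separate csrfParam: ', scenario('_backendCSRF', '_frontendCSRF'), PHP_EOL;
```

With the shared name the frontend cannot validate the backend's cookie, overwrites it, and the backend's next POST fails; with the distinct names from the configs above both cookies coexist and the POST succeeds.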
