Let me explain the case. Basically, I have separate backends in the Yii2 advanced template. Why? This is the reason:
My office has a lot of branch offices in a country, with a lot of departments in each branch.
I interpret these departments as modules. The department names are the same, but sometimes they have a lot of different behaviours.
For example, an admin in headquarters can erase an employee name in a branch office, but a branch office admin cannot.
So, I chose to separate them into one backend folder each, like this:
backend (which is portal branch and also super-admin backend)
    -modules
        -human_resource
backend-jkt (which is Jakarta Indonesia backend)
    -modules
        -human_resource
My question is:
When a user successfully logs in to backend and I then create a link to backend-jkt, the user is automatically logged in there as well.
And vice versa:
When people go directly to backend-jkt but are not logged in to backend, they are automatically redirected to backend's login.
Now my situation is: when a user is logged in to backend and then clicks the link "Jakarta" as in the image above, the user has to sign in again.
This is my config in backend:
<?php
$params = array_merge(
    require __DIR__ . '/../../common/config/params.php',
    require __DIR__ . '/../../common/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);
return [
    'id' => 'app-backend',
    'name' => 'Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => '\hscstudio\mimin\Module',
        ],
        'SuperAdmin' => [
            'class' => 'backend\modules\super_admin\SuperAdmin',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],
        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [
                ],
            ],
        ],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],
        'urlManagerBackendJkt' => [
            // class name must match the file name (UrlManager.php) for autoloading on case-sensitive file systems
            'class' => 'yii\web\UrlManager',
            'baseUrl' => '/backend-jkt/web/',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
                'http://jkt.tresnamuda.local/' => '@app/index',
            ],
        ],
        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],
    ],
    'as access' => [
        'class' => '\hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];
And this is the backend-jkt config:
<?php
$params = array_merge(
    require __DIR__ . '/../../backend/config/params.php',
    require __DIR__ . '/../../backend/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);
return [
    'id' => 'app-backend_jkt',
    'name' => 'Jkt Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend_jkt\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => '\hscstudio\mimin\Module',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],
        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [
                ],
            ],
        ],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],
        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],
    ],
    'as access' => [
        'class' => '\hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];
Your question is about cookies: those placed in the user's browser are separated by domain and path, so you have to store them for the next domain and path. I recommend that, after the user clicks Jakarta, you send the user-id and a private-key to Jakarta and force a login for that user-id there with a simple command:
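// $privateKeyIsValid: outcome of checking the private-key sent with the request (check not shown in this answer)
$userId = Yii::$app->request->post('user-id');
if ($privateKeyIsValid && $userId !== null) {
    $user = User::findOne($userId);
    if ($user !== null) {
        Yii::$app->getUser()->login($user);
    }
}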
The private-key can be simple or advanced, which is how you can increase your security; you may leave it out and just check whether you have a user-id or not!
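The hand-off described in the answer only authenticates the user if backend-jkt can verify that the user-id really came from backend. The following is an added example, not code from the original post or from Yii2: a short-lived HMAC-signed token that carries the user id. `HANDOFF_TTL`, `HANDOFF_AUD`, `b64url()`, `issueHandoffToken()` and `verifyHandoffToken()` are hypothetical names, and the secret is assumed to be a dedicated value known only to the two applications.

```php
<?php
// Added example: HANDOFF_TTL, issueHandoffToken() and verifyHandoffToken()
// are hypothetical names, not Yii2 API.
const HANDOFF_TTL = 30;                // seconds a token stays valid
const HANDOFF_AUD = 'app-backend_jkt'; // application id of the receiving backend

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Called in backend when the logged-in user clicks the "Jakarta" link.
function issueHandoffToken(int $userId, string $secret, ?int $now = null): string
{
    $exp = ($now ?? time()) + HANDOFF_TTL;
    $body = b64url(json_encode(['uid' => $userId, 'exp' => $exp, 'aud' => HANDOFF_AUD]));
    return $body . '.' . b64url(hash_hmac('sha256', $body, $secret, true));
}

// Called in backend-jkt; returns the user id only if the token is authentic and fresh.
function verifyHandoffToken(string $token, string $secret, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    $expected = b64url(hash_hmac('sha256', $parts[0], $secret, true));
    if (!hash_equals($expected, $parts[1])) {
        return null; // signature mismatch: forged or modified token
    }
    $data = json_decode(base64_decode(strtr($parts[0], '-_', '+/')), true);
    if (!is_array($data) || ($data['aud'] ?? null) !== HANDOFF_AUD) {
        return null; // not issued for this backend
    }
    if (!is_int($data['exp'] ?? null) || $data['exp'] < ($now ?? time())) {
        return null; // expired
    }
    return is_int($data['uid'] ?? null) ? $data['uid'] : null;
}

// Constructed demo values; in Yii2 the receiving action would continue with
// User::findOne($uid) and Yii::$app->getUser()->login($user) when $uid is not null.
$secret = 'constructed-demo-secret';
$token = issueHandoffToken(42, $secret, 1000);
[, $sig] = explode('.', $token);
$forged = b64url(json_encode(['uid' => 1, 'exp' => 9999999999, 'aud' => HANDOFF_AUD])) . '.' . $sig;
var_dump(verifyHandoffToken($token, $secret, 1010));  // inside the validity window
var_dump(verifyHandoffToken($token, $secret, 2000));  // after expiry
var_dump(verifyHandoffToken($forged, $secret, 1010)); // payload swapped, old signature
```

A token stays replayable until it expires; recording accepted tokens on the receiving side until their expiry makes each one single-use.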