Yii2 - Working With Multiple backend- session and cookies
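Let me explain the situation. Basically, I have separate backends in the Yii2 advanced template. Why? This is the reason:
My office has many branches in one country, and each branch has many departments.
I treat these departments as modules. The department names are the same, but sometimes they behave quite differently.
For example, an admin at head office can delete an employee's name in a branch, but a branch admin cannot.
So I chose to separate them into their own backend folders, like this: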
backend (which is portal branch and also super-admin backend)
-modules
-human_resource
backend-jkt (which is Jakarta Indonesia backend)
-modules
-human_resource
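My problem is:
When a user has successfully logged in to backend and I then create a link to backend-jkt, it will also be logged in automatically.
And vice versa:
when people access backend-jkt directly without logging in to backend, it will automatically redirect to backend's login.
Now my situation is: when a user logs in to backend and clicks the link "Jakarta" as shown in the picture above, the user has to log in again.
This is my config in backend: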
<?php
$params = array_merge(
require __DIR__ . '/../../common/config/params.php',
require __DIR__ . '/../../common/config/params-local.php',
require __DIR__ . '/params.php',
require __DIR__ . '/params-local.php'
);
return [
'id' => 'app-backend',
'name' => 'Backend System',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
'modules' => [
'mimin' => [
'class' => '\hscstudio\mimin\Module',
],
'SuperAdmin' => [
'class' => 'backend\modules\super_admin\SuperAdmin',
],
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_identity-backend',
'httpOnly' => true
],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'advanced-backend',
'savePath' => sys_get_temp_dir(),
],
'request' => [
'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
'csrfParam' => '_csrf-backend',
],
'assetManager' => [
'bundles' => [
'dmstr\web\AdminLteAsset' => [
],
],
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'urlManager' => [
'suffix' => '.html',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
'urlManagerBackendJkt' => [
'class' => 'yii\web\UrlManager',
'baseUrl' => '/backend-jkt/web/',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
'http://jkt.tresnamuda.local/' => '@app/index',
],
],
'authManager' => [
'class' => 'yii\rbac\DbManager', // only support DbManager
],
],
'as access' => [
'class' => '\hscstudio\mimin\components\AccessControl',
'allowActions' => [
// add wildcard allowed action here!
'site/*',
'debug/*',
// 'mimin/*', // only in dev mode
],
],
'params' => $params,
];
This is backend-jkt:
<?php
$params = array_merge(
require __DIR__ . '/../../backend/config/params.php',
require __DIR__ . '/../../backend/config/params-local.php',
require __DIR__ . '/params.php',
require __DIR__ . '/params-local.php'
);
return [
'id' => 'app-backend_jkt',
'name' => 'Jkt Backend System',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend_jkt\controllers',
'bootstrap' => ['log'],
'modules' => [
'mimin' => [
'class' => '\hscstudio\mimin\Module',
],
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_identity-backend',
'httpOnly' => true
],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'advanced-backend',
'savePath' => sys_get_temp_dir(),
],
'request' => [
'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
'csrfParam' => '_csrf-backend',
],
'assetManager' => [
'bundles' => [
'dmstr\web\AdminLteAsset' => [
],
],
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'urlManager' => [
'suffix' => '.html',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
'authManager' => [
'class' => 'yii\rbac\DbManager', // only support DbManager
],
],
'as access' => [
'class' => '\hscstudio\mimin\components\AccessControl',
'allowActions' => [
// add wildcard allowed action here!
'site/*',
'debug/*',
// 'mimin/*', // only in dev mode
],
],
'params' => $params,
];
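Your problem is about the cookies placed in the user's browser: they are separated by domain and Path, so you have to store them for the next domain and Path. I suggest that after the click on Jakarta you send the user ID and a private key to Jakarta, and then force-login that user with a simple command: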
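// Assumed names: POST fields 'private_key' and 'user_id'; $sharedKey is the key both backends hold.
$userId = Yii::$app->request->post('user_id');
if ($userId !== null && hash_equals($sharedKey, (string) Yii::$app->request->post('private_key'))) {
    $user = User::findOne($userId);
    if ($user !== null) {
        Yii::$app->getUser()->login($user);
    }
}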
The private key is simple, and you could say it improves security, so you can keep it, and then check whether there is a user ID!
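One way to carry out the handoff described in the answer without putting the private key itself in the request, as an added example that is not part of the original answer: the portal backend signs the user id with the shared key and the receiving backend verifies the signature, the intended backend and the expiry. The function names, the `aud` label `backend-jkt`, the 60-second lifetime and the demo key are assumptions made for illustration.

```php
<?php
// Added example: signed, short-lived handoff token between two backends.
// Function names, the 'aud' label and the 60-second lifetime are assumptions.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Called on the portal backend for the user who is already logged in there.
function issueHandoffToken(int $userId, string $audience, string $key, int $now, int $ttl = 60): string
{
    $payload = b64url(json_encode(['uid' => $userId, 'aud' => $audience, 'exp' => $now + $ttl]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Called on the receiving backend. Returns the user id, or null when the token
// is malformed, forged, issued for another backend, or expired.
function verifyHandoffToken(string $token, string $audience, string $key, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(b64url(hash_hmac('sha256', $payload, $key, true)), $mac)) {
        return null; // signature mismatch (compared in constant time)
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['uid'], $data['aud'], $data['exp'])) {
        return null;
    }
    if ($data['aud'] !== $audience || $now > $data['exp']) {
        return null; // wrong backend or token too old
    }
    return (int) $data['uid'];
}

// Constructed demo values, not taken from the page.
$key   = 'constructed-demo-key-not-for-production';
$now   = 1700000000;
$token = issueHandoffToken(42, 'backend-jkt', $key, $now);
var_dump(verifyHandoffToken($token, 'backend-jkt', $key, $now + 10));        // fresh token
var_dump(verifyHandoffToken($token, 'backend-jkt', $key, $now + 120));       // past expiry
var_dump(verifyHandoffToken($token, 'backend-xyz', $key, $now + 10));        // other backend
var_dump(verifyHandoffToken($token . 'A', 'backend-jkt', $key, $now + 10));  // altered signature
```

On the receiving backend the returned id would go to `User::findOne()` and `Yii::$app->getUser()->login()`, as in the answer's snippet. The key stays in each backend's configuration and never travels through the browser.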
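Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please indicate this site's URL or the original address. For any questions, contact: yoyou2525@163.com.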