Florin Mateescu

Reputation: 197

Yii2 Advanced Template

I have installed and configured the Yii2 advanced template. Everyone is saying that they want to separate frontend login from backend login, but I want to do the opposite.

What I want is, when I log in to frontend, I should also remain logged in on backend side. I tried different configurations, but when I log in to frontend and go to backend area I'm a guest!

frontend: photography.dev, backend: admin.photography.dev

By default everyone says that the Yii2 advanced template has the same login for both frontend and backend, but in my case it isn't true.

EDIT: Updated with complete backend, frontend and common configs

Common:

return [
'vendorPath' => dirname(dirname(__DIR__)) . '/vendor',
'components' => [
    'cache' => [
        'class' => 'yii\caching\FileCache',
    ],
],
];

Backend:

<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/../../common/config/params-local.php'),
require(__DIR__ . '/params.php'),
require(__DIR__ . '/params-local.php')

);

return [
'id' => 'app-backend',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
'modules' => [],
'components' => [
    'user' => [
        'identityClass' => 'common\models\User',
        'enableAutoLogin' => true,
        'enableSession' => true,
        'idParam' => '_user',
        'identityCookie' => [
            'name' => '_user',
            'path'=>'/'
        ]
    ],
    'urlManager' => [
        'enablePrettyUrl' => true,
        'showScriptName' => false,
        'rules' => [
            '/' => 'site/index',
            '<alias:login|logout|about|contact>' => 'site/<alias>'
        ]
    ],
    'urlManagerFrontEnd' => [
        'class' => 'yii\web\UrlManager',
        'baseUrl' => 'http://photography.dev',
        'enablePrettyUrl' => true,
        'showScriptName' => false,
    ],
    'log' => [
        'traceLevel' => YII_DEBUG ? 3 : 0,
        'targets' => [
            [
                'class' => 'yii\log\FileTarget',
                'levels' => ['error', 'warning'],
            ],
        ],
    ],
    'errorHandler' => [
        'errorAction' => 'site/error',
    ],
],
'params' => $params,
];

Backend environment dev:

$config = [
'components' => [
    'request' => [
        // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
        'cookieValidationKey' => '',
    ],
],
];

Frontend:

<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/../../common/config/params-local.php'),
require(__DIR__ . '/params.php'),
require(__DIR__ . '/params-local.php'));

return [
'id' => 'app-frontend',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'controllerNamespace' => 'frontend\controllers',
'components' => [
    'user' => [
        'identityClass' => 'common\models\User',
        'enableAutoLogin' => true,
        'enableSession' => true,
        'idParam' => '_user',
        'identityCookie' => [
            'name' => '_user',
            'path'=>'/'
        ]
    ],
    'urlManager' => [
        'enablePrettyUrl' => true,
        'showScriptName' => false,
        'rules' => [
            '/' => 'site/index',
            'index' => 'site/index',
            '<alias:login|logout|about|contact|index>' => 'site/<alias>'
        ],
    ],
    'urlManagerBackend' => [
        'class' => 'yii\web\UrlManager',
        'baseUrl' => 'http://admin.photography.dev',
        'enablePrettyUrl' => true,
        'showScriptName' => false,
    ],
    'log' => [
        'traceLevel' => YII_DEBUG ? 3 : 0,
        'targets' => [
            [
                'class' => 'yii\log\FileTarget',
                'levels' => ['error', 'warning'],
            ],
        ],
    ],
    'errorHandler' => [
        'errorAction' => 'site/error',
    ],
],
'params' => $params,
];

Frontend dev environment:

$config = [
'components' => [
    'request' => [
        // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
        'cookieValidationKey' => 'iGk90GAbgQg2jT5aQ5PMcG1A3A9E_iNq',
    ],
],
];

Upvotes: 0

Views: 1122

Answers (2)

JonathanStevens

Reputation: 472

Make sure that the cookie uses the same settings in both the frontend and the backend part. Because your admin section is located in a subdomain and Yii takes that as the default domain value, you should also set the domain setting, as follows:

'user' => [
    'identityClass' => 'common\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name'     => '_identity',
        'path'     => '/',
        'httpOnly' => true,
        'domain'   => 'photography.dev',
    ],
],
'session' => [
    'name' => 'PHPFRONTENDBACKENDSESSID',
    'cookieParams' => [
        'httpOnly' => true,
        'path'     => '/',
        'domain'   => 'photography.dev',
    ],
],

The browser will always use the most specific cookie, so a cookie on admin.photography.dev would overrule a cookie on photography.dev.

Edit: if you want to change the CSRF cookie as well, you can use this in frontend/config/main.php and backend/config/main.php:

'request' => [
    'baseUrl'    => '',
    'csrfParam'  => '_csrf',
    'csrfCookie' => [
        'httpOnly' => true,
        'path'     => '/',
        'domain'   => 'photography.dev',
    ],
],

If you do this, make sure that the cookieValidationKey values in frontend/config/main-local.php and backend/config/main-local.php are the same.

Upvotes: 1
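
The two conditions in the answer above (the cookie's domain scope and a shared cookieValidationKey) can be checked in isolation. The following is an added example, not part of the original answer and not Yii's own code: `cookieSentTo`, `signCookie` and `verifyCookie` are hypothetical simplified stand-ins for browser domain matching and HMAC cookie validation, and the keys and cookie value are constructed samples. In the question's configs the backend key is empty while the frontend key is set, which is the mismatch case shown here.

```php
<?php
// Added illustration, not Yii source: simplified stand-ins for two checks.

// Would a browser send this cookie to $host? (RFC 6265 style domain matching)
// $domain === null models a host-only cookie (no Domain attribute was set).
function cookieSentTo(string $setByHost, ?string $domain, string $host): bool
{
    if ($domain === null) {
        return $host === $setByHost;              // host-only: exact host match
    }
    $suffix = '.' . ltrim($domain, '.');
    return $host === ltrim($domain, '.')
        || substr($host, -strlen($suffix)) === $suffix;
}

// Sign a cookie value with the application's validation key (HMAC-SHA256).
function signCookie(string $name, string $value, string $key): string
{
    $data = serialize([$name, $value]);
    return hash_hmac('sha256', $data, $key) . $data;
}

// Return the cookie value, or null when the MAC does not verify under $key.
function verifyCookie(string $name, string $signed, string $key): ?string
{
    $mac  = substr($signed, 0, 64);               // length of a sha256 hex digest
    $data = (string) substr($signed, 64);
    if (!hash_equals(hash_hmac('sha256', $data, $key), $mac)) {
        return null;                              // different key or tampered value
    }
    $decoded = unserialize($data, ['allowed_classes' => false]);
    return (is_array($decoded) && $decoded[0] === $name) ? $decoded[1] : null;
}

$frontKey = 'constructed-frontend-key';           // constructed sample keys
$backKey  = 'constructed-backend-key';
$cookie   = signCookie('_identity', '[1,"constructed-auth-key",2592000]', $frontKey);

// 1. Scope: a host-only cookie versus one with 'domain' => 'photography.dev'.
var_dump(cookieSentTo('photography.dev', null, 'admin.photography.dev'));
var_dump(cookieSentTo('photography.dev', 'photography.dev', 'admin.photography.dev'));

// 2. Validation: the backend checks the frontend's cookie with its own key.
var_dump(verifyCookie('_identity', $cookie, $backKey));
var_dump(verifyCookie('_identity', $cookie, $frontKey));
```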

Maddelynne P

Reputation: 624

You would have to use the same session name for both applications for the login to apply to both applications.

Upvotes: 0