Hi there.
This is not really a bug report but rather an esoteric behavior that I hope can help others save the time I spent debugging it.
I am implementing a scalable multi-server deployment of a Yii application (using haproxy as a round-robin load-balancer, no session affinity) and I took all the necessary/recommended steps:
1- Used DB sessions for session sharing;
2- Made sure the runtime folder contents are shared by all servers;
Nevertheless, I could not get authentication to function properly when submitting requests to different servers, although sessions and authentication cookies seemed to be working in the proper way.
So, after careful study of the framework, I found out that Yii stores authentication information in the session record by prefixing it with the application ID. However, this application ID depends on the base location of the application installation.
It turns out that indeed my application was installed in different locations on different servers and the ID was not matching. Therefore there is a third step to the list above:
3- Make sure your app is installed in the same folder throughout all servers.
Hope this saves your time!
Best
Multi-Server Authentication Failure with DB sessions
#2
Posted 17 May 2011 - 04:12 PM
Rodrigo Coelho
Check my extension
giix: a code generator for Yii.
The complete beginner's study guide for the Yii Framework
#3
Posted 09 January 2013 - 04:07 AM
Brasuca, on 17 May 2011 - 03:55 PM, said:
It turns out that indeed my application was installed in different locations on different servers and the ID was not matching. Therefore there is a third step to the list above:
3- Make sure your app is installed in the same folder throughout all servers.
Hope this saves your time!
Best
Good suggestions! Thx!
Maybe there is another way.
In CWebUser, it's:

    public function setState($key,$value,$defaultValue=null)
    {
        // every state key is namespaced with the prefix before it reaches $_SESSION
        $key=$this->getStateKeyPrefix().$key;
        if($value===$defaultValue)
            unset($_SESSION[$key]);
        else
            $_SESSION[$key]=$value;
    }

    public function getStateKeyPrefix()
    {
        // an explicitly configured prefix wins; otherwise it is derived from the application ID
        if($this->_keyPrefix!==null)
            return $this->_keyPrefix;
        else
            return $this->_keyPrefix=md5('Yii.'.get_class($this).'.'.Yii::app()->getId());
    }
So, if we set the same CWebUser prefixKey in protected/config/main.php, the session is shared by the key, just like the following:

    'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
            // same prefix on every server, so the auth state keys match
            'stateKeyPrefix'=>'justsameuser',
        ),
    ),
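
The mismatch discussed in this thread, reproduced outside the framework as an added example (not code from the posts or from Yii itself). It assumes that Yii 1.1 derives the default application ID as `sprintf('%x', crc32($basePath . $name))` and that CWebUser stores the logged-in identity under the state key `__id`; the paths, application name and pinned prefix are constructed sample values.

```php
<?php
// Added illustration, not Yii framework code. Assumptions: Yii 1.1 builds the
// default application ID as sprintf('%x', crc32($basePath . $name)) and
// CWebUser keeps the logged-in identity under the state key '__id'.

function defaultAppId(string $basePath, string $name): string
{
    return sprintf('%x', crc32($basePath . $name));
}

// Mirrors the getStateKeyPrefix() logic quoted above: an explicit
// stateKeyPrefix wins, otherwise the prefix is derived from the application ID.
function stateKeyPrefix(string $appId, ?string $configured = null): string
{
    return $configured ?? md5('Yii.CWebUser.' . $appId);
}

// What a node concludes when it reads the shared DB session record.
function isAuthenticated(array $session, string $prefix): bool
{
    return isset($session[$prefix . '__id']);
}

// Constructed sample deployment: same code and name, different install folders.
$name  = 'My Web Application';
$nodes = array(
    'web1' => '/var/www/app/protected',
    'web2' => '/srv/sites/app/protected',
);

// Run once with derived prefixes, once with a pinned prefix (hypothetical value).
foreach (array(null, 'shop-prod-user') as $pinned) {
    // web1 handles the login and writes the identity into the shared session.
    $loginPrefix = stateKeyPrefix(defaultAppId($nodes['web1'], $name), $pinned);
    $session = array($loginPrefix . '__id' => 42);

    echo $pinned === null ? "derived prefix\n" : "pinned prefix '$pinned'\n";
    foreach ($nodes as $node => $basePath) {
        $prefix = stateKeyPrefix(defaultAppId($basePath, $name), $pinned);
        printf("  %s prefix=%s authenticated=%s\n", $node, $prefix,
            isAuthenticated($session, $prefix) ? 'yes' : 'no');
    }
}
```

Keep a pinned prefix unique to each application: applications that share a session store and session cookie and also share a prefix will read each other's authentication state.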