Implementation of Authentication with cookie support

aztech · December 29, 2008, 9:29pm

I've created one application where I've extended UserIdentity and I've added some states values. There is enabled authorization by cookies. In meantime (for testing purpose) I've created testdrive application (using yiic). When I tried to run this application I got following error:



YiiBase::include(UserSetting.php) [<a href='function.YiiBase-include'>function.YiiBase-include</a>]: failed to open stream: No such file or directory





Stack Trace





#0 C:xamppliteeclipseworkspaceyiiframeworkYiiBase.php(292): autoload()


#1 unknown(0): autoload()


#2 unknown(0): spl_autoload_call()


#3 C:xamppliteeclipseworkspaceyiiframeworkwebCHttpSession.php(102): session_start()


#4 C:xamppliteeclipseworkspaceyiiframeworkwebCHttpSession.php(75): CHttpSession->open()


#5 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(726): CHttpSession->init()


#6 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(234): CWebApplication->getComponent()


#7 C:xamppliteeclipseworkspaceyiiframeworkwebauthCWebUser.php(83): CWebApplication->getSession()


#8 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(726): CWebUser->init()


#9 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(132): CWebApplication->getComponent()


#10 C:xamppliteeclipseworkspacetestdriveprotectedviewssiteindex.php(2): CWebApplication->__get()


#11 C:xamppliteeclipseworkspaceyiiframeworkwebCBaseController.php(119): require()


#12 C:xamppliteeclipseworkspaceyiiframeworkwebCBaseController.php(88): SiteController->renderInternal()


#13 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(572): SiteController->renderFile()


#14 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(505): SiteController->renderPartial()


#15 C:xamppliteeclipseworkspacetestdriveprotectedcontrollersSiteController.php(27): SiteController->render()


#16 C:xamppliteeclipseworkspaceyiiframeworkwebactionsCInlineAction.php(32): SiteController->actionIndex()


#17 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(259): CInlineAction->run()


#18 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(237): SiteController->runAction()


#19 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(219): SiteController->runActionWithFilters()


#20 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(150): SiteController->run()


#21 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(121): CWebApplication->runController()


#22 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(162): CWebApplication->processRequest()


#23 C:xamppliteeclipseworkspacetestdriveindex.php(11): CWebApplication->run()

This error message is because I've used in first application UserSetting class stored in state which is not included in second application.

Any idea why Yii cookie is cross application enabled?

qiang · December 29, 2008, 10:36pm

You already know the cause: you are serializing an object whose class file is not included when it is deserialized. The solution is to include it (or put it in include path) before deserialization.

aztech · December 29, 2008, 11:18pm

Maybe I was not clear enough.

Application A (using cookies, with UserSetting class stored in state)

Application B (using cookies, no UserSetting class attached because not needed!)

I did following:

In first tab of FF I've run Application A
I've logged in into this application
In second tab of FF I've run Application B, there mentioned error occures.

This means that cookie from Application A was loaded in Application B and used! Why?

anli · December 29, 2008, 11:26pm

Before 3) the browser already has a cookie from the server and (as it must do) sends the cookie to the server doing 3).

qiang · December 30, 2008, 1:19am

Make sure the two applications have different IDs.

By default, the ID of an application is generated using the following expression:

md5($this->getBasePath().$this->name);

anli · December 30, 2008, 1:57am

As far as getBasePath() is used I can not imagine the issue reason (I don’t believe hashes are the same ). aztech, to track request/response headers (including cookies) I have found HttpFox Firefox extension very handy.

aztech · January 2, 2009, 1:08pm

Please try two projects from attachment to reporduce this error.

Do following after adjusting paths to Yii in config:

For application testdrive2 try login as admin with checked option "rememberMe".
Log out
For application testdrive try to login

You should see the error.

qiang · January 2, 2009, 3:37pm

This is not really an issue, and it has nothing to do with cookie-based login.

The problem is that your two applications are from the same domain and thus share the same session cookie and session ID. As a result, when one application is logged in, the other application (no matter it is logged in or not) will try to restore the session information saved by the first application.

You can easily reproduce the same "issue" using two simple PHP scripts.