Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
This is as an extension of this wiki by Kartik V which shows to make different enableAutoLogin cookies for frontend and backend.
Getting "Expired token" errors ? Here is a solution to avoid invalid CSRF on POST or ajax requests, or user identity changes.
Your need: You require that for shared machines, the user is authenticated again for a backend access again, if someone is logged in from frontend and vice versa.
In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts. To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
I am writing this guide because I struggled to find a resource that included ALL of the necessary steps to completely separate the frontend from the backend. After reading guides like Configuring different sessions for backend and frontend in yii-advanced-app and [yii2 configuring d...
This is to show you how to use Yii2 flash messages with Kartik Growl (bootstrap notify wrapper).
In case of a multilingual application, one might consider it a reasonable approach to store the preferred language of the user in a session variable, and after that, every time a page is requested, to check this session variable and render the page in the indicated language.
This tutorial shows a Yii-way of doing this.
We implement an event handler for the onBeginRequest event; as the nam...
This solution requires Yii 1.1.9 or above
First of all, You must change component config to enable the default Yii CSRF validation.
This had me stumped for a while so I figured it would be nice to share here to avoid others the grief.