kheang
(Ken)
January 19, 2012, 2:30pm
1
Hi, I am using Yii as an admin backend for my site.
My frontend has a members login area.
An issue I am having is the following.
If I login as a member on my site but then login in my admin area, my session id changes.
My frontend is independent from Yii, is there a reason or a way to avoid destroying my frontend session when logging in the admin panel with Yii?
I tried looking at the code but couldn’t figure out why the session id kept changing.
I think, you can avoid SID overwriting by changing cookie name for one of your apps.
For details, take a look at this.
You can use .htaccess for it.
kheang
(Ken)
January 19, 2012, 8:16pm
3
Well to be more precise, I store the current PHPSESSID in a table in my database when my members login, and I compare the current session id with the one in the table to see if it’s there is one or not, if yes I pull the info from the table.
But when logging into the admin backend it generates a new session id.
That is what I am trying to avoid.
Is it possible to just not generate a new session id when logging into the admin backend using Yii and just use the existing one?
Or something like that?
Are they two different users in DB (one for frontend and one for backend), or there is only one (but with ‘admin’ permissions)?
kheang
(Ken)
January 19, 2012, 8:29pm
5
Two different users.
Let’s say your an admin of the website.
And you need to login using the member’s account to see what he sees.
And you do so.
Now you want to login to your admin area.
And you go to the backend to login via Yii.
But doing so regenerates the session_id.
So when you go back to the frontend you are no longer logged.
In short this is what happens.
andy_s
(Arekandrei)
January 19, 2012, 8:36pm
6
Well, I still see no reason why you cannot use different SID names for session cookies.
For example, default ‘PHPSESSID’ for frontend and ‘ADMINPHPSESSID’ for backend.
“And you need to login using the member’s account And you do so” => frontend session got started and PHPSESSID cookie is set
"Now you want to login to your admin area And you go to the backend to login via Yii" => backend session got started and ADMINPHPSESSID cookie is set
Two cookies - two sessions Nothing gets overwrited.
Why not?
kheang
(Ken)
January 19, 2012, 8:42pm
8
How will that help me?
I am using session_id() to store in my table, when I do a query to check if session_id() exists in db
it will be different since when logging into Yii, it generates a new one.
Not sure if that would help me?
kheang
(Ken)
January 19, 2012, 8:53pm
9
Can’t i just tell Yii not to recreate a new session_id if theres an existing session?
yiqing95
(Yiqing 95)
April 12, 2012, 3:32pm
10
hehe
i facing the same thing . my front end is not use yii to develop .
when switch from backend to frontend or vice vase ,the session value is changed and interfere by the other.
finally i have to change the session name :
// components section:
'session'=>array(
'class'=>'CHttpSession',
'sessionName'=>'my_yii_sess',
),
this is done in my backend yii app . so every thing seems ok now by the way you can use fireCookie plugin to see the sessionId