Session question

Hi, I am using Yii as an admin backend for my site.

My frontend has a members login area.

An issue I am having is the following.

If I login as a member on my site but then login in my admin area, my session id changes.

My frontend is independent from Yii, is there a reason or a way to avoid destroying my frontend session when logging in the admin panel with Yii?

I tried looking at the code but couldn’t figure out why the session id kept changing.

I think, you can avoid SID overwriting by changing cookie name for one of your apps.

For details, take a look at this.

You can use .htaccess for it.

Well to be more precise, I store the current PHPSESSID in a table in my database when my members login, and I compare the current session id with the one in the table to see if it’s there is one or not, if yes I pull the info from the table.

But when logging into the admin backend it generates a new session id.

That is what I am trying to avoid.

Is it possible to just not generate a new session id when logging into the admin backend using Yii and just use the existing one?

Or something like that?

Are they two different users in DB (one for frontend and one for backend), or there is only one (but with ‘admin’ permissions)?

Two different users.

Let’s say your an admin of the website.

And you need to login using the member’s account to see what he sees.

And you do so.

Now you want to login to your admin area.

And you go to the backend to login via Yii.

But doing so regenerates the session_id.

So when you go back to the frontend you are no longer logged.

In short this is what happens.

http://www.yiiframework.com/doc/api/1.1/CWebUser#stateKeyPrefix-detail

Well, I still see no reason why you cannot use different SID names for session cookies.

For example, default ‘PHPSESSID’ for frontend and ‘ADMINPHPSESSID’ for backend.

  1. “And you need to login using the member’s account And you do so” => frontend session got started and PHPSESSID cookie is set

  2. "Now you want to login to your admin area And you go to the backend to login via Yii" => backend session got started and ADMINPHPSESSID cookie is set

Two cookies - two sessions :) Nothing gets overwrited.

Why not?

How will that help me?

I am using session_id() to store in my table, when I do a query to check if session_id() exists in db

it will be different since when logging into Yii, it generates a new one.

Not sure if that would help me?

Can’t i just tell Yii not to recreate a new session_id if theres an existing session?

hehe :lol:

i facing the same thing . my front end is not use yii to develop .

when switch from backend to frontend or vice vase ,the session value is changed and interfere by the other.

finally i have to change the session name :




// components section:


  'session'=>array(

      'class'=>'CHttpSession',

        'sessionName'=>'my_yii_sess',

    ),




this is done in my backend yii app . so every thing seems ok now :D by the way you can use fireCookie plugin to see the sessionId