I have “allowAutoLogin” option set to “true”, so users don’t have to login everytime they visit my website (let’s say, website.com).
The problem is if you close your browser and start it again and if you had some pages opened (for example, website.com/account/settings) it redirects you to login page, even though you are logged in (so you get a message that you are already logged in). If you go now to website.com/account/settingsagain it opens it.
Here is what I have in my controller:
class AccountController extends Controller {
public function filters() {
return array(
'accessControl',
);
}
public function accessRules() {
return array(
array('allow',
'actions'=>array(),
'users'=>array('@'),
),
array('deny',
'users'=>array('*'),
),
);
}
public function actionSettings() {
echo 'some message';
}
// etc.
I’ve no clue why this is happening, but possibly because access control filter runs before the session for the user has been initialized.
The server cannot know if the user closed the browser or not. The problem is that there are some browser that are configurated for delete all cookies when they close, and that’s why you loose the login.
Thanks for your reply! It actually doesn’t delete cookies, because if I go to website.com/account/settings again (after it failed the first time) I can access it (don’t need to login). So it works from the second attempt. On first attempt it redirects me to login url, but on second attempt it works fine, no login required (allowAutoLogin works).
Now it seems like there are some problems with my application. I have dynamic subdomains for users and now I’ve found out that this happens only when user tries to access a subdomain like company.website.com/account/settings (a “company” parameter is being passed to actionSettings).
'user' => array(
'class' => 'CWebUser',
'identityCookie' => array(
'domain' => '.example.com', // replace example.com with your domain. make sure to keep the leading dot
),
),
