AccessControl strange behaviour?

I have “allowAutoLogin” option set to “true”, so users don’t have to login everytime they visit my website (let’s say,

The problem is if you close your browser and start it again and if you had some pages opened (for example, it redirects you to login page, even though you are logged in (so you get a message that you are already logged in). If you go now to again it opens it.

Here is what I have in my controller:

class AccountController extends Controller {

    public function filters() {

        return array(




    public function accessRules() {

        return array(










    public function actionSettings() {

        echo 'some message';


    // etc.

I’ve no clue why this is happening, but possibly because access control filter runs before the session for the user has been initialized.

Any suggestions?

Thank you!

Is not a problem of your application of corse.

The server cannot know if the user closed the browser or not. The problem is that there are some browser that are configurated for delete all cookies when they close, and that’s why you loose the login.

Thanks for your reply! It actually doesn’t delete cookies, because if I go to again (after it failed the first time) I can access it (don’t need to login). So it works from the second attempt. On first attempt it redirects me to login url, but on second attempt it works fine, no login required (allowAutoLogin works).

Now it seems like there are some problems with my application. I have dynamic subdomains for users and now I’ve found out that this happens only when user tries to access a subdomain like (a “company” parameter is being passed to actionSettings).

So, this is somehow related to user subdomains…

In config do:

'user' => array(

   'class' => 'CWebUser',

   'identityCookie' => array(

      'domain' => '', // replace with your domain. make sure to keep the leading dot



The same with the session component:

'session' => array(

   'class' => 'CHttpSession',

   'cookieParams' => array(

      'domain' => '',



Now the session cookie and the auto-login cookie should be available on all subdomains.

Y!!, thanks a lot! identityCookie was the problem =)