I have been using Capistrano to deploy my Yii webapp for a while and it works great except one issue: After every deployment, the session cookies seem to be reset or erased. Everyone has to logon to my site again, even though they have the login sessions expire in 30 days.
I suspect this is because the way Capistrano deploys webapp to a new release folder based on current timestamp.
Anyone here using Capistrano seeing the same issue?
If you look at the sources, you see, that Yii uses CApplication::getId() when it creates a unique cookie ID for each user. This method uses the basePath to create a unique ID. basePath is set from the constructor of CApplication. In the setter there’s a call to realpath() which expands all symbolic links.
So your assumption is right: The timestamped folder name Capistrano uses on each deployment affect the cookie ID used for authentication.
One workaround (there might be better ones): You could override CWebUser with you custom WebUser component and override getStatKeyPrefix() there. It’s up to you to think about a safe logic to create unique cookie IDs then.
Please forget what i said above, it’s not related to your case: the cookie i talked about is only used for the auto login feature. It’s separate from teh session cookie which is created by PHP.
Do you maybe save session files inside the application folder? And forgot to copy this folder after deployment?
EDIT: Or maybe my answer above is related. Not sure about your exact problem: You mentioned "session cookies" - if you meant "authentication cookies" then my answer should help. Sessions should not expire when you deploy, so currently logged in users should still stay login until the session expire.
I’m also using Capistrano to deploy Yii apps and see this problem. In my case, I am using MySQL sessions. I am going to override CWebUser right now to see if that fixes it, although I really don’t understand why the session cookies aren’t working after a deploy. I certainly see your point about the auto-login persistent cookies, so I’ll report back once I get that working with the aforementioned suggestion.
Meanwhile, if you’ve made any progress please let me know. I am planning to devote some serious time to this problem this week, so if you’ve already found a solution, please help save me some time!
My pull was rejected, but qiangxue provided a reasonable solution. In your config file (probably protected/config/main.php) you must add an "id" key to the array with a unique property like this:
return array(
// This allows you to deploy Yii projects with Capistrano. The value is
// not important as long as it is very hard to guess and is NOT based on
// the absolute path of your protected/ directory.
"id" => md5(php_uname().'somerandomtext'),
);