Hi all,
I am trying to understand how Yii Cookie Based Authentication actually works. I will try to explain as detail as I can of what I did.
I have developed 2 sites, they are: site1.domain.com, and site2.domain.com.
The Requirements:
When a user is logged in on site1.domain.com, then he will also be logged in to the site2.domain.com. But site1.domain.com will always be the main entry gate.
Technical Outcomes are:
-
Login page will always be on the site1.domain.com
-
User Credentials’ Database is on site1.domain.com
-
site2.domain.com will have no login page, and if the user is not logged in on site1.domain.com, he will then be redirected to site1.domain.com.
-
site2.domain.com also has LoginForm and a UserIdentity that will identify everything (referer, etc…), that accepts posted data from site1.domain.com. Using CURL the "validated" data from site1.domain.com will be posted to site2.domain.com.
-
site2.domain.com will perform validation, and everything, and if the data is valid, then it will let the user login, generates states.bin under "runtime" folder.
What I have done so far:
On site1.domain.com, using Yii Authentication and Authorization and CURL to also login to site2.domain.com. The login works fine, and Yii was also able to recognize the user on site2.domain.com, short to say, it worked. And Yii generated states.bin under "runtime" folder on the site2.domain.com, also under "runtime" folder on site1.domain.com.
Then, I redirected the user from site1.domain.com to site2.domain.com, expecting that I am going to see the Dashboard, but instead I was redirected back to site1.domain.com login page as if I was not logged in. I checked everything, and I am pretty sure I did set everything up.
The question:
I am not sure how Yii generate Cookie, but it seems that this way won’t work. Do you have any other suggestions?
Many thanks.
