External Authentification

New to Yii, set it all up and all working great so far.

My question is not handled in any of the docs i could find

On my login controller I’m calling external API of other system, passing email and password over HTTP and in response I receive JSESSIONID cookie.

I’ve create a custom class that implements the Identify interface named CmsUser , I’m creating an instance, setting the property and pass it to the login.

  $identity = new \common\models\CmsUser();

            $identity->id = $body['id'];

            $identity->firstName = $body['firstName'];

            $identity->lastName = $body['lastName'];

            $identity->isDriver = $body['isDriver'];

            $identity->email = $body['email'];

            $identity->authorities = $body['authorities'];

            $identity->jSessionId = $cookies['JSESSIONID'];


The the login controller redirects to site/index and display the firstname and last name correctly.

Also from layout the next part of code is showing the logout so Yii knows user is logged in

    if (Yii::$app->user->isGuest) {

        $menuItems[] = ['label' => 'Signup', 'url' => ['/site/signup']];

        $menuItems[] = ['label' => 'Login', 'url' => ['/login/index']];

    } else {

        $menuItems[] = '<li>'

            . Html::beginForm(['/site/logout'], 'post')

            . Html::submitButton(

                'Logout (' . Yii::$app->user->identity->fullName() . ')',

                ['class' => 'btn btn-link logout']


            . Html::endForm()

            . '</li>';


No cookies are written and also when I click on another link the Logout button is gone so Yii no longer knows the user->identity that is logged in.

What am I missing here?

$cookie is undefined in your function so you just need to define [size="2"]$cookies.[/size]

$cookies = Yii::$app->response->cookies;

[size=“2”]Since it’s authentication and important to always work, I would look at setting your JSESSIONID into session or local storage because if a user has cookies turned off this won’t work. [/size]

Here is cookie and session handling docs

Thanks for the feedback.

I’ve added the writing of the cookie

$cookieCollection = Yii::$app->response->cookies;

            $cookieCollection->add(new \yii\web\Cookie([

                'name' => 'JSESSIONID',

                'value' => $jSessionId,

                'expire' => time() + 86400


$jsessionId has value 6bb65a16-3d13-4dbe-834a-557b46fb06b which i check with print_r but writing it and looking in application/cookies shows me


and the redirect to home page shows me all properties of my user->identity but when Yii still thinks this user is guest.

For subsequent API calls to external systems i need the JSESSIONID and of course need to know if th euser is already authenticated.

si i think i need to override the way that Yii is checking for current user but have no clue where or how