I have a registration process written in Yii2… it does the usual recording of stuff to the database and logs the user in. Autologin is set to true. I’d like to be able to use the cookie generated by the Yii2 app to log into a Yii1 app that was written a few years ago.
Comparing …User::sendIdentityCookie (Yii2) with CWebUser::saveToCookie (Yii1) it looks like the cookies themselves are different. The Yii1 cookie is serialized, then hashed while the Yii2 cookie is JSONized.
I have two questions:
[*]Is the Yii2 cookie hashed/obfuscated somewhere later, presumably CSRF?
[*]Has anyone implemented this already? Is there code than implements Yii2 autologin for Yii1 or vice versa?