IE 11 logout fails when enableAutoLogin is true

I am developing a new Yii-powered site. It’s based on the Basic app with the default User logging in and out. In the config, I have enabled the enableAutoLogin option, hence it’s set to true:

        'user' => [

            'identityClass' => 'app\models\User',

	    'loginUrl' => ['site/login'],

            'enableAutoLogin' => true,


The logout button is the default one from the Navbar, with POST request and VerbFilter in the controller. I noticed today that the logout button is not working anymore in IE. It works normally in Firefox, Chrome and Opera.

I’m using the default logout action:

    public function actionLogout()



        return $this->goHome();


I have verified by echoing/exiting the Session details, that the session is indeed destroyed. However, upon redirect to Home (site/index as by default), the user will be immediately logged back in with a restored Session. In Firefox, Chrome and Opera, the user is redirected to the login page (site/login) and the Session is not restored. This is what one would expect; one logs in automatically for as long as one does not logout.

When I disable the enableAutoLogin option to false, the logout button works as intended. The Session is destroyed and not restored, in all mentioned browsers.

I also tried unsetting cookies, but to no avail. Upon the redirect after logout, it logs back in immediately.

To my experience, this behavior is of a recent nature. I have tried logging in and out before and, as far as I can remember, that worked fine also in IE 11. I’m on Yii 2.0.12, and I’m updating regularly to keep up.

Anyone else having this experience with IE 11? Is it a Yii-thing or is it an IE-thing? Any suggestions to do about it?

(Please: don’t comment on the use of IE; the company it’s intended for is using it and they’re stuck to it.)

I don’t know how yii2 handles login, is it a cookie? On your server write a couple of normal php pages and write something to session. Then try to duplicate that in the regular page, i.e., try to destroy session and verify in IE11 if it is destroyed.

Remember yii2 is a php framework where you are free to use or write your own login / logout.

There is probably a setting to tell yii2 whether to use cookie or session.

Myself, I do not code in "remember me". I firmly believe in having a user logout.

Did you solve the problem? I have the same problem in another browser - Firefox.

In my case, the issue resolved itself, without updating Yii or changing any code. I guess it turned out to be an IE issue, not a Yii issue.