Implementation of Authentication with cookie support

I've created one application where I've extended UserIdentity and added some state values. Authorization by cookies is enabled. In the meantime (for testing purposes) I've created a testdrive application (using yiic). When I tried to run this application I got the following error:

YiiBase::include(UserSetting.php) [function.YiiBase-include]: failed to open stream: No such file or directory

Stack Trace

#0 C:xamppliteeclipseworkspaceyiiframeworkYiiBase.php(292): autoload()

#1 unknown(0): autoload()

#2 unknown(0): spl_autoload_call()

#3 C:xamppliteeclipseworkspaceyiiframeworkwebCHttpSession.php(102): session_start()

#4 C:xamppliteeclipseworkspaceyiiframeworkwebCHttpSession.php(75): CHttpSession->open()

#5 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(726): CHttpSession->init()

#6 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(234): CWebApplication->getComponent()

#7 C:xamppliteeclipseworkspaceyiiframeworkwebauthCWebUser.php(83): CWebApplication->getSession()

#8 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(726): CWebUser->init()

#9 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(132): CWebApplication->getComponent()

#10 C:xamppliteeclipseworkspacetestdriveprotectedviewssiteindex.php(2): CWebApplication->__get()

#11 C:xamppliteeclipseworkspaceyiiframeworkwebCBaseController.php(119): require()

#12 C:xamppliteeclipseworkspaceyiiframeworkwebCBaseController.php(88): SiteController->renderInternal()

#13 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(572): SiteController->renderFile()

#14 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(505): SiteController->renderPartial()

#15 C:xamppliteeclipseworkspacetestdriveprotectedcontrollersSiteController.php(27): SiteController->render()

#16 C:xamppliteeclipseworkspaceyiiframeworkwebactionsCInlineAction.php(32): SiteController->actionIndex()

#17 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(259): CInlineAction->run()

#18 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(237): SiteController->runAction()

#19 C:xamppliteeclipseworkspaceyiiframeworkwebCController.php(219): SiteController->runActionWithFilters()

#20 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(150): SiteController->run()

#21 C:xamppliteeclipseworkspaceyiiframeworkwebCWebApplication.php(121): CWebApplication->runController()

#22 C:xamppliteeclipseworkspaceyiiframeworkbaseCApplication.php(162): CWebApplication->processRequest()

#23 C:xamppliteeclipseworkspacetestdriveindex.php(11): CWebApplication->run()

This error message appears because in the first application I've used a UserSetting class stored in state, which is not included in the second application.

Any idea why the Yii cookie is cross-application enabled?

You already know the cause: you are serializing an object whose class file is not included when it is deserialized. The solution is to include it (or put it in the include path) before deserialization.

Maybe I was not clear enough.

Application A (using cookies, with UserSetting class stored in state)

Application B (using cookies, no UserSetting class attached because not needed!)

I did the following:

  1. In the first tab of FF I ran Application A

  2. I logged in to this application

  3. In the second tab of FF I ran Application B, where the mentioned error occurs.

This means that the cookie from Application A was loaded in Application B and used! Why?

Before 3) the browser already has a cookie from the server and (as it must do) sends the cookie to the server when doing 3).

Make sure the two applications have different IDs.

By default, the ID of an application is generated using the following expression:


As far as getBasePath() is used, I cannot imagine the reason for the issue (I don't believe the hashes are the same :D). aztech, to track request/response headers (including cookies) I have found the HttpFox Firefox extension very handy.

Please try the two projects from the attachment to reproduce this error.

Do the following after adjusting the paths to Yii in the config:

  1. For application testdrive2, try to log in as admin with the "rememberMe" option checked.

  2. Log out

  3. For application testdrive, try to log in

You should see the error.

This is not really an issue, and it has nothing to do with cookie-based login.

The problem is that your two applications are from the same domain and thus share the same session cookie and session ID. As a result, when one application is logged in, the other application (no matter whether it is logged in or not) will try to restore the session information saved by the first application.

You can easily reproduce the same "issue" using two simple PHP scripts.
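
The reproduction described in the last reply, folded into a single file as an added example (not code from the thread or from Yii). The file name demo.php, the `app` and `isolate` query parameters, the cookie names and the stand-in UserSetting class are assumptions made for the illustration.

```php
<?php
// demo.php - constructed example; serve with: php -S localhost:8000
// Application A: /demo.php?app=a     Application B: /demo.php?app=b
// Append &isolate=1 to both URLs to give each app its own session cookie.
$app     = (isset($_GET['app']) && $_GET['app'] === 'a') ? 'a' : 'b';
$isolate = !empty($_GET['isolate']);

if ($app === 'a') {
    // Only application A ships this class (stand-in for the thread's UserSetting).
    class UserSetting
    {
        public $theme = 'dark';
    }
}

// Log when session_start() asks for a class this application does not have.
spl_autoload_register(function ($class) {
    error_log("autoload requested for missing class: $class");
});

if ($isolate) {
    // Distinct cookie name per application: the browser then keeps two
    // session IDs for the same host instead of one shared PHPSESSID.
    session_name('APP' . strtoupper($app) . 'SESSID');
}
session_start();

header('Content-Type: text/plain');
echo "app=$app cookie=" . session_name() . " id=" . session_id() . "\n";

if ($app === 'a') {
    $_SESSION['settings'] = new UserSetting();
    echo "A stored a UserSetting object in the session\n";
} else {
    $value = isset($_SESSION['settings']) ? $_SESSION['settings'] : null;
    if ($value instanceof __PHP_Incomplete_Class) {
        // Same session ID as A: B restored A's data without A's class.
        echo "B restored A's session state (class not available in B)\n";
    } elseif ($value === null) {
        echo "B sees no session state from A\n";
    }
}
```

Opening `?app=a` and then `?app=b` in the same browser shows B restoring A's object; with `&isolate=1` on both URLs, B starts from an empty session. In Yii 1.x the session component's `sessionName` property sets the same cookie name.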