Hi
I have a Yii application with a frontend and a backend.
In the frontend:
root/index.php uses root/protected/config/main.php
In the backend:
root/admin.php uses root/protected/admin/config/main.php
So I have 2 independent web applications that use one shared Yii framework (root/protected/framework/yii.php).
I have 2 login pages, one for the frontend and one for the backend.
For the frontend I have a DUserIdentity class that extends CUserIdentity, and in the authenticate() method I check the username and password in the user table. After authenticate() I use Yii::app()->user->login($this->_identity,$duration); to log the user in.
In the backend I do the same as in the frontend, but I use a different class: I have a DAdminIdentity class that extends CUserIdentity, and in the authenticate() method I check the username and password in the admin table. After authenticate() I use Yii::app()->user->login($this->_identity,$duration); to log the user in.
My question is:
Is this way safe? That is, if a user logs in to the frontend, wants to hack me, and changes the browser storage data, can he/she log in to the backend page?
In the frontend and the backend, when I create the web application with
Yii::createWebApplication($config)->run();
I use a different $config, so I have different web apps. I think it is safe, right? I think it is the same as having one Yii app installed in different folders like root/one and root/two: if a user is logged in to root/one, he cannot log in to root/two.