json_decode() expects parameter 1 to be string, array given

Hello guys,

I am new in learning yii2. I’m getting this error when I’m trying to load the index page.

The 1st strack trace displays the function loginByCookie() under vendor/yiisoft/yii2/web/User.php file (see the code below)

protected function loginByCookie()


    	$value = Yii::$app->getRequest()->getCookies()->getValue($this->identityCookie['name']);

    	if ($value === null) {



    	$data = json_decode($value, true);

    	if (count($data) !== 3 || !isset($data[0], $data[1], $data[2])) {



    	list ($id, $authKey, $duration) = $data;

    	/* @var $class IdentityInterface */

    	$class = $this->identityClass;

    	$identity = $class::findIdentity($id);

    	if ($identity === null) {


    	} elseif (!$identity instanceof IdentityInterface) {

        	throw new InvalidValueException("$class::findIdentity() must return an object implementing IdentityInterface.");


    	if ($identity->validateAuthKey($authKey)) {

        	if ($this->beforeLogin($identity, true, $duration)) {

            	$this->switchIdentity($identity, $this->autoRenewCookie ? $duration : 0);

            	$ip = Yii::$app->getRequest()->getUserIP();

            	Yii::info("User '$id' logged in from $ip via cookie.", __METHOD__);

            	$this->afterLogin($identity, true, $duration);


    	} else {

        	Yii::warning("Invalid auth key attempted for user '$id': $authKey", __METHOD__);



It specifies the error on this line

 $data = json_decode($value, true); 


I already cleared the cache of my browser but the error always appears. Is there anything that I miss or something I forgot to do?

Please help.

Thank you.

Apparently your $value is an array instead of string. You need to check what is returned with Yii::$app->getRequest()->getCookies()->getValue($this->identityCookie[‘name’]);

what does not make sense to me why are you decoding a cookie

This is the framework code from Yii2.

@bizley I know its yii 2 what I mean by does not make sense in terms of code, I meant in terms logic what is he trying to do

You have to ask Yii2 development team because it’s their code ;)

Thanks Bizley for the reply. I tried your check the value if identityCookie[‘name’] and this is the result

Array ([0] => _identity, [1] => [1,"hVNYa4B3jNvzPwPUUkgmz1G8g3OyGdYM",2592000] ) 

But when I set enableAutoLogin on user component, the site work fine. Is this a bug or something?

It looks like enableAutoLogin has to be set in order to enable all cookie-based login but if not you shouldn’t get any errors from that method. Do you have the latest Yii2 version?

Yes I have the latest yii version. I try to set enableAutoLogin to false on my linux machine but when I used it on windows, no errors was shown if I set enableAutoLogin to true.

do you even know what I am talking about read the response before you reply

Well, do you know what you are talking about? Because you mentioned "someone" twice. Who is this "he" you are talking about?

Is it Terence Aleguiojo? I guess not, he’s just trying to load the index page and gets the error in Yii2 core method.

So maybe this "he" is one of the Yii2 authors? You know - the one that wrote the piece of code?

Anyway, this is entertaining but I would rather help Terence. Can any Yii2 users (or better Yii2 developers) help here?

@bizley thank you genius if you don’t know who I am talking about then you should probably go back to school at least learn the basics and then join the discussion


I am not sure how you storing the cookies are you encoding the data to json before you set it as a cookie, if you decoding the value you better have a encoded json object as a string, if you giving it an array literal then its gonna blow up

$data = json_decode($value, true); // in this case $value must be a encoded json

First of all I would like to ask mods to move this topic to Yii2 where it belongs.

Second - alirz23, this is very childish of you. Please be so kind and tell me who you talk about because it is unclear. And just to clarify things from my end let me explain you how I see things here.

  • Terence is using Yii2 and it gives him error when he’s trying to load the index page.

  • Apparently the error is given by the json_decode function localised in the loginByCookie() which is core Yii2 method.

  • This method does not decode the cookie value as you implied but it decodes the session identity stored as the cookie value.

  • This process is done by the Yii2 engine so accusing Terence of doing so is weird because he is not calling the method himself and did not do any change to it. That is why I’m asking who are you referring to.

okay its my bad i did not notice the loginByCookie is implemented by the User class provided by yii2 out of the box, I was under the impression that terence implemented loginByCookie

I have a system running in yii2 in production for past 1 year now I started developing with yii2 a while back its weird i don’t have that method in user.php I guess I must have removed it when I started the project

you have to check your yii2 version. cookie storage format has changed since 2.0.* versions, therefore “old” cookies could crush your app if you’re using * version in composer.

[color="#006400"]/* NOTE: moved to proper section (Yii2 instead of Yii 1.1.x) */[/color]