Login Authentication

Hi, I am making a booking website in Yii2. I have done many projects in Yii but not a single one in Yii2. I have looked through the Yii2 docs thoroughly and installed Yii2.

In the login section I have faced a problem, not exactly a problem, but I don't know how to figure it out.

When I log in to the backend section, it automatically logs me in to the frontend section, and vice versa. But I want to manage separate logins for them. If I log in to the frontend, then I don't want to be automatically logged in to the backend, and vice versa.

Is there anything I am missing, or do I have to define something extra or apply an access rule for backend users and frontend users?

Further, authentication by default uses the User model. Can I change this to a Member model or a Customer model, or do I have to be strict and stick to the User model?

My user model has much more stuff than the default. Do I update the default User model with mine, or do I update my user model with the default?

Looking at your requirements - you may consider implementing Role Based Access Control, by which you can control accesses by role to various parts of your application.

Thank you for your suggestion, but it has only three types of users: admin, normal user customer, and hotelier. So for this simple user level, is it necessary to use RBAC? Is there any solution to this, as many others are also facing this type of problem?

Has anyone solved this issue? Please let me know.

Yes but you may have different levels of accesses or views of the data for the same operation (e.g. update user profile) for each user type - admin, customer, or hotelier. An alternative solution would also be some form of RBAC implementation IMO.

Why not just add a "type" field to the User model? Keep it simple and use if checks in your controllers.




if ($user->type === "customer") {}



So create three roles.

RBAC is not complex at all. Use PHP if you do not want database things!

Yes, there are different levels, but I want the backend wholly for admin only. I will make separate view files for admin, I will put common files in the common section, and I will only put the non-common files required for the backend in backend and those required for the frontend in frontend.

I just do not want to let a user be logged in to both sections with the same logged-in session.


You can try setting enableAutoLogin to false.

Else… not tested this, but you can force different sessions for backend and frontend by editing your config file for the user component for backend and frontend. Check the name property in identityCookie below.




// in backend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_backendUser', // unique for backend
        'path' => '/advanced/backend/web', // correct path for the backend app.
    ],
],



and in frontend




// in frontend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_frontendUser', // unique for frontend
        'path' => '/advanced/frontend/web', // correct path for the frontend app.
    ],
],



You can check the yii session management docs to control this or other parameters for your needs.

Just created a wiki for this. Let’s try to edit and improve upon that for the benefit of all.
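
An added check for the identityCookie configuration posted above (example code, not from the thread or the Yii project): `identityCookie` names only the auto-login cookie, so two applications on one host can still share the PHP session cookie unless the `session` component is also given its own name or path. The helper functions, the session names and the assumed defaults (`PHPSESSID`, `_identity`, path `/`) are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed defaults: session cookie name
// "PHPSESSID" (PHP's default), cookie path "/", identity cookie "_identity".
function effectiveCookies(array $components): array
{
    $user = $components['user'] ?? [];
    $session = $components['session'] ?? [];
    return [
        'session' => ['name' => $session['name'] ?? 'PHPSESSID', 'path' => $session['cookieParams']['path'] ?? '/'],
        'identity' => ['name' => $user['identityCookie']['name'] ?? '_identity', 'path' => $user['identityCookie']['path'] ?? '/'],
    ];
}

// RFC 6265 path-match: is a cookie scoped to $cookiePath sent with $requestPath?
function pathMatches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strpos($requestPath, $cookiePath) !== 0) {
        return false;
    }
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

// Kinds of cookie set by app $a that app $b (served at $bBaseUrl) would
// receive under the same name and therefore read as its own.
function sharedCookies(array $a, array $b, string $bBaseUrl): array
{
    $shared = [];
    $to = effectiveCookies($b);
    foreach (effectiveCookies($a) as $kind => $cookie) {
        if ($cookie['name'] === $to[$kind]['name'] && pathMatches($cookie['path'], $bBaseUrl)) {
            $shared[] = $kind;
        }
    }
    return $shared;
}

// Constructed configs: identityCookie as in the post, session left at defaults.
$backend  = ['user' => ['identityCookie' => ['name' => '_backendUser', 'path' => '/advanced/backend/web']]];
$frontend = ['user' => ['identityCookie' => ['name' => '_frontendUser', 'path' => '/advanced/frontend/web']]];
print_r(sharedCookies($backend, $frontend, '/advanced/frontend/web'));

// Same configs with a per-application session name and path (constructed values).
$backend['session']  = ['name' => 'BACKENDSESSID', 'cookieParams' => ['path' => '/advanced/backend/web']];
$frontend['session'] = ['name' => 'FRONTENDSESSID', 'cookieParams' => ['path' => '/advanced/frontend/web']];
print_r(sharedCookies($backend, $frontend, '/advanced/frontend/web'));
```

Run with the `php` CLI: the first call lists `session` as shared, and the second returns an empty array once each application has its own session cookie.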