login/logout functionality within modules

Hi there,

I tried to figure it out by myself, but I can’t find a solution for this:

I basically have 3 modules in my application. Each module is used as a portal (e.g.: users, companies etc.) which use their own user components and UserIdentities for authentication. A user has to be logged in into the module to access any of its controller actions (via "beforeControllerAction").

I configured the separate user components in the applications main config like this (under ‘modules’):


'modulename' => array(


                        'components' => array(


                                'user' => array(


                                        'class' => 'CWebUser',

                                        'loginUrl' => array('modulename/site/login'),

                                        'StateKeyPrefix' => '_modulename',


                                ),


                        ),


                ),

This way I can separate the different user sessions by defining the StateKeyPrefix. Everything works fine despite one thing. I can’t get the logout action to work properly. Everytime I use something like


Yii::app()->user->logout(false)

or


Yii::app()->getmodule('modulename')->user->logout(false)

it deletes EVERY session and I am logged out of all the modules.

The problem is that one should be able to have a "module A" account and a "module B" account and to be logged in in both of them at the same time with different accounts.

I need to just log out the user of the current module. Like deleting only sessions with the prefix ‘_modulename’.

Maybe someone can help. Thanks in advance!

Greetings,

Haensel

Did you check RBAC to see it can do what you intent to do by just doing application auth.

Hi,

I know that it would work that way, but as the modules are more or less separate applications I wanted them to have their own authentication, completely separated from the main application. I just wondered why you are able to login a user with


Yii:app()->getModule('modulename')->user->login()

but can’t use


Yii:app()->getModule('modulename')->user->logout()

for the logout.

Anyways. Maybe I should use RBAC instead

Hi,

try to use


Yii:app()->getModule('modulename')->user->logout(false).

or use my setup :slight_smile:

I have played some time with my admin module login, which I want to be separated from basic application.

1. Add this into Module::init()




Yii::app()->user->setStateKeyPrefix('_admin');

Yii::app()->user->setReturnUrl('/admin'); // Module base return URL

Yii::app()->user->loginUrl = 'login'; // Module login URL



2. Copy actionLogin() and actionLogout() from SiteController into Module DefaultController

3. Change loginUrl in Module DefaultController::actionLogout()

From:


$this->redirect(Yii::app()->homeUrl);

To:


$this->redirect(Yii::app()->user->loginUrl);

4. Change in both SiteController::actionLogout() and Module DefaultController::actionLogout()

From:


Yii::app()->user->logout();

To:


Yii::app()->user->logout(false);

The final step is the trick to have separated logouts.

The benefit of this setup is that you can use


Yii::app()->user

in Application and in Module. You will get allways another user identity.