login/logout functionality within modules

Hi there,

I tried to figure it out by myself, but I can’t find a solution for this:

I basically have 3 modules in my application. Each module is used as a portal (e.g.: users, companies etc.) which use their own user components and UserIdentities for authentication. A user has to be logged in into the module to access any of its controller actions (via "beforeControllerAction").

I configured the separate user components in the applications main config like this (under ‘modules’):

'modulename' => array(

                        'components' => array(

                                'user' => array(

                                        'class' => 'CWebUser',

                                        'loginUrl' => array('modulename/site/login'),

                                        'StateKeyPrefix' => '_modulename',




This way I can separate the different user sessions by defining the StateKeyPrefix. Everything works fine despite one thing. I can’t get the logout action to work properly. Everytime I use something like




it deletes EVERY session and I am logged out of all the modules.

The problem is that one should be able to have a "module A" account and a "module B" account and to be logged in in both of them at the same time with different accounts.

I need to just log out the user of the current module. Like deleting only sessions with the prefix ‘_modulename’.

Maybe someone can help. Thanks in advance!



Did you check RBAC to see it can do what you intent to do by just doing application auth.


I know that it would work that way, but as the modules are more or less separate applications I wanted them to have their own authentication, completely separated from the main application. I just wondered why you are able to login a user with


but can’t use


for the logout.

Anyways. Maybe I should use RBAC instead


try to use


or use my setup :slight_smile:

I have played some time with my admin module login, which I want to be separated from basic application.

1. Add this into Module::init()


Yii::app()->user->setReturnUrl('/admin'); // Module base return URL

Yii::app()->user->loginUrl = 'login'; // Module login URL

2. Copy actionLogin() and actionLogout() from SiteController into Module DefaultController

3. Change loginUrl in Module DefaultController::actionLogout()





4. Change in both SiteController::actionLogout() and Module DefaultController::actionLogout()





The final step is the trick to have separated logouts.

The benefit of this setup is that you can use


in Application and in Module. You will get allways another user identity.