We are using a JS UI frontend that communicates with a Yii 2.0 API.
In frontend/config/main.php, we have
    'user' => [
        'identityClass' => 'common\models\User',
        'enableAutoLogin' => true,
    ],
    'request' => [
        'enableCookieValidation' => false,
        'enableCsrfValidation' => true,
        'cookieValidationKey' => 'abc...',
        'parsers' => [
            'application/json' => 'yii\web\JsonParser',
        ]
    ],
We have a frontend controller
class AuthController extends Controller with a login and a logout function.
In the logout function, we include
    \Yii::$app->user->logout();

Even so, logout leaves the user authenticated.
I’ve been trying to troubleshoot this for days. The only way I found to ensure the user stays logged out is to include the following …
    $fileCache = \Yii::$app->getCache();
    $fileCache->flush();
    // Delete all the files in /var/lib/php/sessions
    $this->destroyAllPhpSessionFiles();
Of course, the problem with that is that all users get logged out.
If I only do one of those two things, then the user remains authenticated.
Any idea what I should be doing differently?
(We also are using SimpleSAMLphp for authentication as an SP.)