We are using a JS UI frontend that communicates with a Yii 2.0 API.
In frontend/config/main.php, we have:

    'user' => [
        'identityClass' => 'common\models\User',
        'enableAutoLogin' => true,
    ],
    'request' => [
        'enableCookieValidation' => false,
        'enableCsrfValidation' => true,
        'cookieValidationKey' => 'abc...',
        'parsers' => [
            'application/json' => 'yii\web\JsonParser',
        ]
    ],

We have a frontend controller class AuthController extends Controller
with a login and a logout function.
In the logout function, we include \Yii::$app->user->logout();
Even so, logout leaves the user authenticated.
I’ve been trying to troubleshoot this for days. The only way I found to ensure the user stays logged out is to include the following …

    $fileCache = \Yii::$app->getCache();
    $fileCache->flush();
    // Delete all the files in /var/lib/php/sessions
    $this->destroyAllPhpSessionFiles();

Of course, the problem with that is that all users get logged out.
If I only do one of those two things, then the user remains authenticated.
Any idea what I should be doing differently?
(We are also using SimpleSAMLphp for authentication as an SP.)