Module Authentication - Not Throwing 403 Error

Here is my config:


public function init()



		'errorHandler' => array(


			'errorAction' => 'dashboard/default/error',


		'user' => array(

			'class' => 'CWebUser',












// if valid user

$this->setState('is_admin', $user->is_admin); // either 1 or 0


public function accessRules()


	return array(

		array('allow',  // allow admin users to access these actions only

			'actions'=>array('index', 'create'),



		array('deny',  // deny users





What I expect is when a non-admin user tries to access ‘index’ or ‘create’ action of ManagerController, then it should throw a 403 exception (access denied). Instead it seems to just thrown standard 404 not found error page.

Anybody got any idea why it could be doing this?

‘deniedCallback’ => array($this,‘actionSomething’),

I solved this. The problem was due to the separate ‘user’ object in setComponents - I took this out and it works OK now.

I think it may be because I am doing the login using the site controller and I am using UserIdentity class which exists in the “root” components folder. So because I set a ‘stateKeyPrefix’ in the module, it is looking for a different session key.

Since the site and the module are going to use a shared login, the module can instead just inherit the user object rather than creating a new one.