problems logging into demo app

so I have managed to install Yii framework + demo folders on localhost on windows using xampp (PHP 5.1.6), everything works except I cannot login to the application, it accepts the username/password correctly but redirects to the front page, also I keep getting invalid verification code on the contact form.

One think I noticed is it’s creating a new session id everytime I clikc the pages and no local cookies are being created on the client browser side.

Any Ideas what the problem might be or suggestions on what I should try and do, thanks.

Just to add on the xampp install I can succesfully run my existing Codeigniter

and normal PHP scripts and can create sessions and login without any problems

It could be that the session save path of your PHP installation is not writeable by the webserver. To find out where it is, put a info.php with <?php phpinfo(); into the root folder (where your index.php is) call it from your browser and check the local value of session.save_path.

The session save path is correct because I can see the server writing the session files

in the temp directory, only thing is it’s creating a new session file everytime you click

the pages in the demo app and when I try to login I can see the correct session file being created.

but it does not send the cookie to the browser and therefore is attempting to create new blank

session files again and again.

As you see below this is the session file it’s created when I login as admin/admin, but the only thing

is it is not recognising me as logged in and redirects me to the front page hence I cannot manager or

do anything the admin user would do.

This is the session file it is creating:


Did you disable cookie mode? See here:

Also verify the other settings. If the cookie is not sent, somethings wrong with your session setup. Maybe use another non-Yii script to verify if session work at all in that folder.

Ok one thing I noticed when I run the requirements script for YII on the server is I get

a warning for "Mcrypt", I know the extensions are installed and enabled on php.ini file

versions for php_mcrypt.dll and php_mcrypt_filter.dll I have are, is this relevant?

PHP version Passed Yii Framework PHP 5.1.0 or higher is required.

$_SERVER variable Passed Yii Framework

Reflection extension Passed Yii Framework

PCRE extension Passed Yii Framework

SPL extension Passed Yii Framework

Mcrypt extension Warning CSecurityManager This is required by encrypt and decrypt methods.

SOAP extension Passed CWebService, CWebServiceAction

GD extension Passed CCaptchaAction

cookies are enabled and working fine for other sites, + I have tested one of my

codeigniter and normal php scripts on the server and they can create sessions with cookies without problems.

below are the settings I have in the php.ini file

session.save_path = "\xampplite\tmp"

session.use_cookies = 1

session.use_only_cookies = 1 = PHPSESSID

session.auto_start = 0

session.cookie_lifetime = 0

session.cookie_path = /

session.cookie_domain =

session.serialize_handler = php

session.gc_probability = 1

session.gc_divisor = 100

session.gc_maxlifetime = 1440

session.bug_compat_42 = 1

session.bug_compat_warn = 1

session.referer_check =

session.entropy_length = 0

session.entropy_file =

session.cache_limiter = nocache

session.cache_expire = 180

session.use_trans_sid = 0

session.hash_function = 0

session.hash_bits_per_character = 4

did you have asset directory and runtime directory in your app?

You may try to set your session.auto_start to 1. See if that helps.

Thanks for the suggestion, I tried this but it had no effect, in addition last night

I spent 2 hours going through changing various php.ini options for sessions + others

but it did not fix the problem.

I also downloaded the latest xampp version and tried php 5.3.1, all the requirements

passed without any warnings this time, but I am still getting the same problems with


Yes it creates the asset directory fine everything else works on the demo blog app, except

for login doesn’t work becaues of the sessions and the contact form doesn’t work because the

captcha image uses sessions.

Can you try to inspect the cookies in your request/response header in your browser (path, lifetime, …)? Something must be wrong here. A new session id could indicate that no cookie with session id could be found.

Mike here is the testing I done.

  1. I deleted all temporary files and cookies then went to online demo at

    succesfully logged in, but checked files it produces NO cookies

    it will only produce a cookie if you select the "remember me" option

  2. I then deleted all temporary files and cookies then went to localhost demo at

    I enter demo/demo and it redirects me to index.php page, but doesn’t login me in

    I retried with "remember me" on the localhost and same result but it never produced

    any cookies.

I know cookies are enabled and cookies get stored from other sites and pages.

I remember before even I used to work with MVC frameworks that localhost cookies behaved weird. I looked around like crazy to find out why the cookies saved correctly in production servers and not in localhost… solution? a freaking ‘/’

Now, maybe is dumb but, can you check if the cookie on localhost has the path set to ‘/’ and domain to ‘false’?

I know it sounds very silly but… I have seen worst things out there ( :) )

cookie path is set to "/" , the localhost server setup works fine for sessions when using normal (non-framework)

PHP scripts and works for codeigniter site I use it for but it just doesn’t seem to be working with yii.

one other thing that I have tried is to download a previous yii framework (yii-1.0.12.r1898) which I installed

and had same problem with sessions on localhsot with xampp but it works fine on unix…

The cookie sent with allowAutoLogin is not related to the PHP session cookie (default name is PHPSESSID).

Still i would advise: Inspect the headers of any request sent and response received! Don’t remember if FF has this built in by default, but you can use the httpheaders extension to see all headers. This will help you understand in which step of the process the session id is lost.

One more thing, just to make sure: Did you add any configuration to the session component in config/main.php?

no haven’t touched that file , it is the default config that comes with demo blog app,

i uploaded the same demo blog app to a unix server and it works fine there, today I checked all

the php.ini settings on unix server and they are same as what is on localhost xampp on windows.

has anybody been able to run yii on xampp on windows and test the demo blog app?

I’ll try to install XAMPP on my XP and use yii later when I got home.

IMHO, linux gives lesser headache than windows when running web applications. :)

I think we have a lot of XAMPP users here on the forum. How about a forum search?

Thanks for taking the time to test it.

I’m only using windows for development because I can use different versions

of xampp when supporting some of the legacy php applications for our sites.