I have created 2 Yii2 applications:

    composer create-project --prefer-dist --stability=dev yiisoft/yii2-app-basic basictest1

and

    composer create-project --prefer-dist --stability=dev yiisoft/yii2-app-basic basictest2

Opening 2 tabs:
http://localhost/yii2/basictest1/web/index.php?r=site/login
http://localhost/yii2/basictest2/web/index.php?r=site/login
What happens is that after login (always tested with admin/admin) I get forwarded to site/login and get a Bad Request (#400).
If I have a "secured page", e.g. extending the SiteController so that site/about is only for registered users:
    'access' => [
        'class' => AccessControl::className(),
        'only' => ['logout', 'about'],
        'rules' => [
            [
                'actions' => ['logout', 'about'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
and I open 2 tabs again (or at least log out before, so I get the login page)
http://localhost/yii2/basictest1/web/index.php?r=site/about
http://localhost/yii2/basictest2/web/index.php?r=site/about
I will get the login form. The return URL should be, for each tab, the corresponding about page.
I loaded the basictest1 web app first and opened basictest2 as the second tab.
Again I get a page with Bad Request (#400) on both.
OK, back: log out on both apps
and visit these 2 URLs (load basictest2 first, then basictest1):
http://localhost/yii2/basictest2/web/index.php?r=site/about
http://localhost/yii2/basictest1/web/index.php?r=site/about
Log in on basictest2 => get Bad Request (#400) => click "login" in the menu.
Login is successful, "BUT" the page is then
http://localhost/yii2/basictest1/web/index.php?r=site/about
instead of basictest2.
This is of course because the returnUrl is stored in the session, which is the same.
In Yii 1 I could set a unique stateKeyPrefix per app for the User

    'stateKeyPrefix' => 'uniqueprefix_per_app',

and Session

    'sessionName' => 'uniquesessionname_per_app',

And each application has its own session and authentication.
In Yii2 I have to set the "path" in the configs like this if I want to have more than one application running on the same domain.
    'session' => [
        'cookieParams' => ['path' => '/yii2/basictest1', 'httponly' => 1], // correct path for the basictest1 app.
    ]
Then I can log in to one or the other app on the same domain.
But I still get a Bad Request (#400) when clicking logout in basictest1 if I was also logged in to the second app, basictest2.
So I still have to set these settings in the config for each app to make everything work.
    'user' => [
        'identityClass' => 'app\models\User',
        'enableAutoLogin' => true,
        'identityCookie' => [
            'name' => '_basictest1',
            'path' => '/yii2/basictest1' // correct path for the basictest1 app.
        ]
    ],
It is clear that this only needs to be configured in the development phase or in the case that multiple Yii2 apps are running on the same domain.
I could set up individual vhosts to also solve this problem in the development phase.
I think it was “easier” to get this running in Yii 1, or is there some other way which I don’t know?
I had hoped that the ‘id’ in the config would be enough to give the app some unique behaviour, but sadly this is not the case.
regards Horizons
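
Added example, not part of the original post: a small Node.js model of the browser's cookie path-matching rule (RFC 6265, section 5.1.4), applied to the two app URLs above to show which cookies each app receives before and after the path settings. It assumes the default cookie names `PHPSESSID` and `_identity` with `Path=/`, and assumes basictest2 is configured analogously to basictest1 with a constructed `_basictest2` identity cookie name.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with this Path attribute
// attached to a request for requestPath (URL path without the query string)?
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a "/" boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Cookies the browser would send with a request for requestPath,
// labelled with the app that set them.
function cookiesSentTo(jar, requestPath) {
  return jar
    .filter(c => pathMatches(c.path, requestPath))
    .map(c => `${c.name}@${c.setBy}`);
}

const APP1 = '/yii2/basictest1/web/index.php';
const APP2 = '/yii2/basictest2/web/index.php';

// Constructed jar, default settings: the user has logged in to basictest1 only.
// Assumed defaults: PHPSESSID (PHP session) and _identity (Yii2), both Path=/.
const defaultJar = [
  { name: 'PHPSESSID', path: '/', setBy: 'basictest1' },
  { name: '_identity', path: '/', setBy: 'basictest1' },
];

// Constructed jar, path-scoped as in the post; the basictest2 values are
// assumed to mirror the basictest1 config shown there.
const scopedJar = ['basictest1', 'basictest2'].flatMap(app => [
  { name: 'PHPSESSID', path: `/yii2/${app}`, setBy: app },
  { name: `_${app}`, path: `/yii2/${app}`, setBy: app },
]);

// With Path=/ basictest2 receives basictest1's session and identity cookies.
console.log('default -> basictest2:', cookiesSentTo(defaultJar, APP2));
// With per-app paths each app only sees the cookies it set itself.
console.log('scoped  -> basictest1:', cookiesSentTo(scopedJar, APP1));
console.log('scoped  -> basictest2:', cookiesSentTo(scopedJar, APP2));
// The match is on a path-segment boundary, so a hypothetical sibling
// directory /yii2/basictest10 would not receive basictest1's cookies.
console.log(pathMatches('/yii2/basictest1', '/yii2/basictest10/web/index.php'));
```
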