setStateKeyPrefix and auto-login in Modules

Hi, I just had a problem that I thought I’d share with the forum, possibly with a view to fixing in later versions of Yii, or just as a solution for anyone browsing the forums who has the same problem as me.

Essentially, allowAutoLogin works fine in the basic case, but in the case where the site has a separate login (an admin section, for example) the State Key Prefix needs to be changed with setStateKeyPrefix().

Now, I presume what’s happening is that the authentication is performed before the admin module is initialized, as I’ve found that the cookie ‘remember me’ validation didn’t work in my back-end, after setStateKeyPrefix was called. The solution I came up with was to modify my User class such that restoreFromCookie was called after the State Key Prefix was changed (it needs to be in the CWebUser instance, as restoreFromCookie is a protected method) by overriding the setStateKeyPrefix method as follows:

public function setStateKeyPrefix($value) {




there may be a better way of doing it, but I found this one works.


What also works for me: I configured a second CWebUser component with a different stateKeyPrefix and loginUrl. Now i can log into two different parts of my application independently:

        'adminUser'=>array(     	// Webuser for the admin area (admin)





Of course in the admin area i have to write Yii::app()->adminUser everywhere i’d usually use Yii::app()->user:

class AdminController extends Controller


    public function filters()


        return array(




    public function filterAdminAccess($filterChain)


        if ($filterChain->action->id==='login' || !Yii::app()->adminUser->isGuest)





You can also configure the modules webuser within the actual module config (components array works for modules as well).

Within your controllers of the admin module you can then do:


// If you need to access a module component from another module or the main application you can do:


cool, this I was looking for


Hi how about handling logout for differnt session. I can simultaneously logged in but I need to logout seprate for exmpale I am admin i first logged in admin and I than I logged to guest so in such case I can logged as admin and guest, but I want to logout guest or admin separately, currently when logged out using from any section guest or admin session cleared out for both logged in.

I tried this but not work any help please.

public function actionLogout() {



       // if($controller)






     public function actionGuestlogout() {



       // if($controller)