Unstable Shared Session Between Applications

Hi guys,

I have two Yii applications on one server like so:

domain.com/app1

domain.com/app2

Both applications use the same database. We need to implement single sign-on so that when the user logs in to one app, they will also be logged in to the other. We did this by saving the session in the database, and this is the configuration we made in config/main.php:


    'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
            'class'=>'WebUser',
            'stateKeyPrefix'=>'key',
        ),
        'session'=>array(
            'class'=>'CDbHttpSession',
            'connectionID'=>'db',
            'sessionTableName'=>'YiiSession',
            'timeout'=>1440,
        ),
    ),

The settings are the same in both apps. Yep, even the ‘name’ and the ‘stateKeyPrefix’. However, the problem is that on my machine the SSO works, but on the other machine it totally doesn’t work, or it works one-way (app1->app2 success or app2->app1 unsuccessful). As far as I know, the machines do not implement a load balancer. I was wondering if I missed a step implementing this SSO and if you can enlighten me.

Thank you loads!

How are those applications exposed to the world? What are their domains and paths (base URLs)? It can be a session cookie issue - on your local machine you probably have the applications in different directories and the cookie is created for ‘localhost/’. I would check that out carefully - i.e. debug your session cookies with Firebug on the production environment.

–EDIT

aaah… I didn’t read your post carefully. They are on the same domain. But still - check if they share the same cookie (cookies may also be bound to a directory under a domain)

Hey redguy, thanks for replying. I checked the cookies, and they don’t share the same cookie when I redirect from app1 to app2. However, when I just create a new tab, they do share the same cookie. I wonder if there’s any way to make the cookie not change when redirecting.

If you use a cookie, it can help in the case of the same system, I think… just try it.

Hi Mannu, what do you mean by use cookie?
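
An added example, not part of the original thread: one way to pin the session cookie's name and path in both apps, assuming the cause is the cookie scoping redguy suggests checking. The session name `SHAREDSESSID` is a constructed placeholder, and `secure` assumes the site is served over HTTPS.

```php
<?php
// protected/config/main.php, kept identical in app1 and app2.
// Added illustration, not the poster's configuration.
return array(
    'components' => array(
        'user' => array(
            'class'          => 'WebUser',
            'allowAutoLogin' => true,
            // Same prefix in both apps, so both read the same keys
            // from the shared session data.
            'stateKeyPrefix' => 'key',
            // allowAutoLogin uses a separate identity cookie (CHttpCookie
            // properties); scope it the same way as the session cookie.
            'identityCookie' => array(
                'path'     => '/',
                'httpOnly' => true,
                'secure'   => true,  // assumption: HTTPS only
            ),
        ),
        'session' => array(
            'class'            => 'CDbHttpSession',
            'connectionID'     => 'db',
            'sessionTableName' => 'YiiSession',
            'timeout'          => 1440,
            // Set explicitly so the cookie name does not depend on each
            // machine's php.ini (session.name).
            'sessionName'      => 'SHAREDSESSID',  // constructed placeholder
            // Passed to session_set_cookie_params(); overrides the
            // per-machine session.cookie_path / cookie_domain defaults.
            'cookieParams'     => array(
                'path'     => '/',   // sent for both /app1 and /app2
                'httponly' => true,  // not readable from JavaScript
                'secure'   => true,  // assumption: HTTPS only
            ),
        ),
    ),
);
```

With `path` set to `/`, the browser sends the session cookie to every application under domain.com, so anything else hosted on that domain receives it as well. Comparing the `Set-Cookie` name and path that each app returns on the failing machine shows whether the two apps were issuing separate cookies.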