Web services and authenticated sessions

Having some trouble getting this working. I’m not sure if my problem is yii based or not.

I want to allow SOAP users to authenticate themselves. But I can’t get sessions working correctly.

The SOAP server code is set up to login (as usual) using UserIdentity etc and my client is able to get the PHPSESSID from the response.

But, for some reason, the logged in session is not maintained when the client makes its next request.

(Even though it is passing in the PHPSESSID as a cookie).

Has anyone ran into this?

Did you check out how the phonebook demo implements IWebServiceProvider?

class SiteController extends CController implements IWebServiceProvider


public function beforeWebMethod($service)







  if(!Yii::app()->user->isGuest || preg_match($pattern,$service->methodName))

    return true;


    throw new CException('Login required.');


public function afterWebMethod($service)




Worked for me. Not sure this will solve your problem, though.


Nope, I have something similar in my code.

I have a filter which loads the user object into the controller class if they are logged in. My beforeWebMethod method checks to see if this obj was loaded successfully and denies access if not, unless they are accessing the getAuthentication method… If the session was maintained, the user obj would be created. I will change this user object check to Yii::app()->user->isGuest for clarity, but unfortunately this doesn’t fix the problem :(.

Surely PHPSESSID is all my client needs to pass back in order for the PHP server code to reestablish the session? Am I missing something here?

I have a feeling that the server side code may not be at fault here, since few people have suggestions for me :). But I might be wrong.