Yii2 php sessions question

'm attempting to run a Craft app alongside a Yii2 application currently. I’ve got the correct app bootstrapping at the correct time but am running into a session writing issue.

I’m writing the sessions into a local file (default apache2 file).

For some reason when I attempt to add a variable to the session using $_SESSION[‘something’] = ‘test’; in my Yii2 app it becomes unavailable the minute the app shuts down.

I’m adding this ‘something’ key to the session in Yii2 and attempt to access the session variable in my Craft app about 3 seconds later.

Any ideas why this session variable is getting lost? If I print out the $_SESSION before I return from my Yii2 app it’s there but then it gets lost from the session after my action finishes executing?

The way my controller finishes executing is this:


//Setup for the return of JSON.

        \Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;

        header('Content-type: application/json');


        $returnData = self::filterOutSensitiveResponseInfo($returnData);


        //Get timeouts for the front-end.

        $returnData = [

            "responseData" => $returnData

        ];


        //Handle logging of the return from controller.

        if(self::includeCurrentActionInLogs()){

            self::logActionTiming();        

            self::logActionResponse($returnData);

        }


        //output JSON to the front-end.

        echo json_encode($returnData, JSON_PRETTY_PRINT);


        //Handle successful shutdown of the application.

        \Yii::$app->end();

        return;



Once this code is done executing I’m immediately calling another controller action and looking at $_SESSION but that variable I stored previously is no longer there?

I think the issue is with these settings::

session.cooke_secure ON

session.name = CraftSessionId

session.cookie_httponly ON

^ these are the settings for CraftCMS

session.cooke_secure OFF

session.name = PHPSessionId

session.cookie_httponly OFF

^ these are the settings for Yii2.

How do I change these settings to match Craft?

First of all, it’s safe to remove




\Yii::$app->end();

return;



As for session, it seems you have it custom-configured in the way that is not suitable for concurrency at all. Consider using database or Redis.

Thanks for the tip with end(), didn’t think it was necessary but figured better safe than sorry.

So I run a memcached config on AWS that is used for non-local development. However, locally we use the typical filecache in /var/lib/php/sessions. I see that CraftCMS has changed the session config which makes concurrency with Yii2 almost impossible in terms of sessions.

Is there no way to change these settings in yii2? I could change them manually in my ini file, but I prefer to keep my cookbooks clean as possible.

I was able to change CraftCMS sessoin.name back to the default PHPSESSID (or whatever it is) so now I just need the httponly and secure set to true. I’m seeing that you can set these in web.php but when I try and do a phpinfo() it’s not showing them as “ON”?

That’s fine since it’s not overriding global settings.