Yii2 - Using multiple backend sessions and cookies


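Let me describe the case. Basically, I have separate backends in the Yii2 advanced template. Why? This is the reason:

My office has many branches in one country, and each branch has many sections.

I treat these sections as modules. The section names are the same, but sometimes they behave very differently.

For example, an admin at head office can delete an employee's name in a branch office, but the branch office admins cannot.

So I chose to separate them into backend folders, each like this: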

backend  (which is portal branch and also super-admin backend)
  -modules
    -human_resource

backend-jkt (which is Jakarta Indonesia backend)
  -modules
    -human_resource


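My question is:

When a user has successfully logged in to backend, I create a link pointing to backend-jkt, and it should also be logged in automatically.

And vice versa,

when people go directly to backend-jkt but are not logged in to backend, it automatically redirects to the backend login.

Now my situation is: when the user logs in to backend and then clicks the "Jakarta" link in the image, the user has to log in again.

This is my configuration in backend: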

<?php
$params = array_merge(
    require __DIR__ . '/../../common/config/params.php',
    require __DIR__ . '/../../common/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);

return [
    'id' => 'app-backend',
    'name' => 'Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => 'hscstudio\mimin\Module',
        ],
        'SuperAdmin' => [
            'class' => 'backend\modules\super_admin\SuperAdmin',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],

        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [

                ],
            ],
        ],

        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],

        'urlManagerBackendJkt' => [
            'class' => 'yii\web\UrlManager',
            'baseUrl' => '/backend-jkt/web/',

            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
                'http://jkt.tresnamuda.local/' => '@app/index',
            ],
        ],
        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],

    ],
    'as access' => [
        'class' => 'hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];

And this is backend-jkt:

<?php
$params = array_merge(
    require __DIR__ . '/../../backend/config/params.php',
    require __DIR__ . '/../../backend/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);

return [
    'id' => 'app-backend_jkt',
    'name' => 'Jkt Backend System',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend_jkt\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'mimin' => [
            'class' => 'hscstudio\mimin\Module',
        ],
    ],
    'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity-backend',
                'httpOnly' => true
            ],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'advanced-backend',
            'savePath' => sys_get_temp_dir(),
        ],
        'request' => [
            'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
            'csrfParam' => '_csrf-backend',
        ],

        'assetManager' => [
            'bundles' => [
                'dmstr\web\AdminLteAsset' => [

                ],
            ],
        ],

        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => [
            'suffix' => '.html',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],

        'authManager' => [
            'class' => 'yii\rbac\DbManager', // only support DbManager
        ],

    ],
    'as access' => [
        'class' => 'hscstudio\mimin\components\AccessControl',
        'allowActions' => [
            // add wildcard allowed action here!
            'site/*',
            'debug/*',
            // 'mimin/*', // only in dev mode
        ],
    ],
    'params' => $params,
];
Answer

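Your problem is that cookies stored in the user's browser are separated by domain and path, so you have to store the cookie for the next domain and path. I suggest that after the user clicks Jakarta you send the user ID and a private key to Jakarta, and force a login for that user ID with a simple command: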

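// Runs in a backend-jkt action; 'handoffKey', 'user_id' and 'private_key' are assumed names.
$request = Yii::$app->request;
$userId = $request->post('user_id');
$privateKey = $request->post('private_key');
if ($userId !== null && is_string($privateKey)
    && hash_equals(Yii::$app->params['handoffKey'], $privateKey)) {
    $user = \common\models\User::findOne($userId);
    if ($user !== null) {
        Yii::$app->getUser()->login($user);
    }
}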

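The private key can be simple or advanced, depending on how much you want to improve your security; you can leave it out and just check whether there is a user ID!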
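A hardened form of the handoff described in the answer, as an added example that is not part of the original answer or of Yii2: instead of posting a raw user ID next to a static key, the first backend issues a short-lived HMAC-signed token that the second backend verifies before logging the user in. The function names, the `HANDOFF_AUDIENCE` label, the key and the user ID are all constructed for illustration.

```php
<?php
// Added example: constructed key and user ID, not values from the page.
const HANDOFF_AUDIENCE = 'backend-jkt'; // hypothetical label for the receiving app

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Issue "payload.signature" for $userId, valid for $ttl seconds. */
function issueHandoffToken(int $userId, string $key, int $ttl = 30, ?int $now = null): string
{
    $payload = b64url(json_encode([
        'uid' => $userId,
        'aud' => HANDOFF_AUDIENCE,
        'exp' => ($now ?? time()) + $ttl,
        'jti' => bin2hex(random_bytes(8)), // record and reject reuse to make tokens single-use
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

/** Return the user ID if the token is authentic, unexpired and meant for this app; else null. */
function verifyHandoffToken(string $token, string $key, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $sig)) {
        return null; // forged or altered token
    }
    $data = json_decode((string) base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || ($data['aud'] ?? null) !== HANDOFF_AUDIENCE
        || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)
        || $data['exp'] < ($now ?? time())) {
        return null;
    }
    return $data['uid'];
}

$key = random_bytes(32); // constructed; in practice a secret configured on both backends
$token = issueHandoffToken(42, $key, 30, 1000);
var_dump(verifyHandoffToken($token, $key, 1010));       // checked inside the validity window
var_dump(verifyHandoffToken($token, $key, 1031));       // checked after expiry
var_dump(verifyHandoffToken($token . 'x', $key, 1010)); // signature tampered with
```

In the receiving backend, the ID returned by `verifyHandoffToken()` would be passed to `User::findOne()` and `Yii::$app->getUser()->login()` as in the answer; a `null` result means the request is rejected.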
