Different backend & frontend sessions in Yii advanced app

After you have set up your Yii2 advanced application and configured your user authentication for both frontend and backend, you try to log in. However, you hit an understandable session validation problem.
This applies to the yii2-app-advanced template OR a template based on yii2-app-advanced, like yii2-app-practical OR yii2-app-practical-a.

The Session Problem

If you have first logged into the frontend and then try to access the backend from the same client machine, you see no login screen for the backend app and find yourself automatically logged in.

Your need

You require that on shared machines, a user who is logged in to the frontend is authenticated again for backend access, and vice versa.

Reasoning

By default, you have enabled cookie based login when setting up the yii\web\User component. Hence the session cookie (and the identity cookie, which uses the same default name and path in both apps) is by default the same for the entire domain.

Solutions

You have a couple of options:

Option 1: Disable Autologin

You can disable cookie based login (though many do not want this). But this will require users to log in each time on the client.

'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => false, // disable all cookie based authentication
]

However, if you require cookies for an ideal user experience, follow the approach below.

Option 2: Configure Identity Cookie and Sessions

You can configure different identity cookies for your user component in the frontend and backend apps. Note the unique name property in identityCookie, and the path, which restricts the cookie to that app's URL prefix so the browser does not send it to the other app.

In addition, you need to configure different sessions for frontend and backend, each saving its session data in its own folder. Create the following folders (they must be writable by the web server process):

  • frontend/runtime/sessions
  • backend/runtime/sessions

NOTE: The following configurations go inside the components section of each app's Yii configuration file.

Backend Config

yii2-app-advanced template

// in backend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_backendUser', // unique for backend
        'path' => '/advanced/backend/web' // correct path for backend app.
    ]
],
// unique identity session parameter for backend
'session' => [
    'name' => '_backendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

yii2-app-practical template

// in backend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_backendUser', // unique for backend
        'path' => '/practical/backend/web' // correct path for backend app.
    ]
],
// unique identity session parameter for backend (set by kartik-v/yii2-app-practical)
'session' => [
    'name' => '_backendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

yii2-app-practical-a template

// in backend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_backendUser', // unique for backend
        'path' => '/practical-a/backend' // correct path for backend app.
    ]
],
// unique identity session parameter for backend (set by kartik-v/yii2-app-practical-a)
'session' => [
    'name' => '_backendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

Frontend Config

yii2-app-advanced template

// in frontend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_frontendUser', // unique for frontend
        'path' => '/advanced/frontend/web' // correct path for frontend app.
    ]
],
// unique identity session parameter for frontend
'session' => [
    'name' => '_frontendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

yii2-app-practical template

// in frontend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_frontendUser', // unique for frontend
        'path' => '/practical/frontend' // correct path for frontend app.
    ]
],
// unique identity session parameter for frontend (set by kartik-v/yii2-app-practical)
'session' => [
    'name' => '_frontendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

yii2-app-practical-a template

// in frontend/config/main.php
'user' => [
    'identityClass' => 'app\models\User',
    'enableAutoLogin' => true,
    'identityCookie' => [
        'name' => '_frontendUser', // unique for frontend
        'path' => '/practical-a/frontend' // correct path for frontend app.
    ]
],
// unique identity session parameter for frontend (set by kartik-v/yii2-app-practical-a)
'session' => [
    'name' => '_frontendSessionId',
    'savePath' => __DIR__ . '/../runtime/sessions',  
],

This should now give you cookie based login with separate authentication sessions for frontend and backend.
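To see why the Reasoning section's shared cookie causes the auto-login, and why Option 2's unique names and app-scoped paths fix it, here is an added example (not code from the Yii project or from this article) that replays the browser's cookie rules offline with Python's standard http.cookiejar. It assumes a constructed hostname example.test, the yii2-app-advanced paths from the configs above, Yii's default identity cookie name _identity and PHP's default session cookie name PHPSESSID for the "before" state, and the _frontendUser / _frontendSessionId names from the frontend config for the "after" state. Note that the configs above only rename the session cookie, so it is still sent with path "/"; the backend simply never reads it because it looks for _backendSessionId.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

DOMAIN = "example.test"  # constructed hostname, not from the article

# Paths taken from the yii2-app-advanced configs in the article
FRONTEND_URL = f"http://{DOMAIN}/advanced/frontend/web/site/index"
BACKEND_URL = f"http://{DOMAIN}/advanced/backend/web/site/index"

# Cookie names each app reads: assumed Yii/PHP defaults vs. the article's Option 2 names
DEFAULT_NAMES = {"_identity", "PHPSESSID"}
BACKEND_NAMES = {"_backendUser", "_backendSessionId"}


def make_cookie(name, value, path):
    """Build a Netscape-style (version 0) cookie as a browser would store it
    after a Set-Cookie header with the given name, value and Path."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=DOMAIN, domain_specified=True, domain_initial_dot=False,
        path=path, path_specified=True,
        secure=False, expires=None, discard=True,
        comment=None, comment_url=None, rest={"HttpOnly": None}, rfc2109=False,
    )


def cookies_sent_to(jar, url):
    """Return the sorted cookie names the browser would attach to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)  # applies domain and path matching rules
    header = req.get_header("Cookie", "")
    return sorted(part.split("=")[0].strip() for part in header.split(";") if part.strip())


def cookies_app_would_use(jar, url, app_names):
    """Of the cookies the browser sends, keep only those the app actually reads."""
    return sorted(set(cookies_sent_to(jar, url)) & set(app_names))


def shared_cookies_jar():
    """Constructed 'before' state: a frontend login with default names and Path=/."""
    jar = CookieJar()
    jar.set_cookie(make_cookie("_identity", "frontend-identity-token", "/"))
    jar.set_cookie(make_cookie("PHPSESSID", "frontend-session-id", "/"))
    return jar


def scoped_cookies_jar():
    """Constructed 'after' state: a frontend login under the Option 2 frontend config.
    The identity cookie is scoped to the frontend path; the session cookie is only renamed."""
    jar = CookieJar()
    jar.set_cookie(make_cookie("_frontendUser", "frontend-identity-token", "/advanced/frontend/web"))
    jar.set_cookie(make_cookie("_frontendSessionId", "frontend-session-id", "/"))
    return jar


if __name__ == "__main__":
    before = shared_cookies_jar()
    print("before, sent to backend:", cookies_sent_to(before, BACKEND_URL))
    print("before, used by backend:", cookies_app_would_use(before, BACKEND_URL, DEFAULT_NAMES))
    after = scoped_cookies_jar()
    print("after, sent to frontend:", cookies_sent_to(after, FRONTEND_URL))
    print("after, sent to backend: ", cookies_sent_to(after, BACKEND_URL))
    print("after, used by backend: ", cookies_app_would_use(after, BACKEND_URL, BACKEND_NAMES))
```

In the "before" state both default-named cookies reach the backend and match the names it reads, which is exactly the silent auto-login. In the "after" state the browser withholds _frontendUser from the backend because of its Path, and although _frontendSessionId is still sent, it does not match any name the backend reads, so the backend starts a fresh, unauthenticated session and shows its login screen.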