Yii2 - Bad Request (#400) | Frontend and backend cookies

Submitted by 折月煮酒 on 2019-12-11 02:13:56

Question


The issue appears only when I open frontend and backend in the same browser.

Scenario:

Interact with Backend -> Switched Tab -> Interact with Frontend -> Switched Tab Back -> Interact with Backend -> Bad Request (#400)

Cookie Backend

'identityCookie' => [
    'name' => '_backendIdentity',
    'path' => '/admin',
    'httpOnly' => true,
],

Cookie Frontend

'identityCookie' => [
    'name' => '_frontendIdentity',
    'path' => '/',
    'httpOnly' => true,
],

Session Backend

'session' => [
    'name' => 'session_backend'
],

Session Frontend

'session' => [
    'name' => 'session_frontend'
],

Answer 1:


It is an issue of CSRF being different on both the frontend and backend, so when a browser storing the session of the same application has 2 different CSRF, one of the applications will get Bad Request (#400).




Answer 2:


Thanks to @indra shastri

For those who are facing the same issue:

Adding the following resolved my problem.

Backend config/main.php

'request' => [
    'cookieValidationKey' => '[DIFFERENT UNIQUE KEY]',
    'csrfParam' => '_backendCSRF',
],

Frontend config/main.php

'request' => [
    'cookieValidationKey' => '[RANDOM KEY HERE]',
    'csrfParam' => '_frontendCSRF',
],


Source: https://stackoverflow.com/questions/42672186/yii2-bad-request-400-frontend-and-backend-cookies
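
Why the distinct `csrfParam` values in Answer 2 remove the error, as an added example that is not part of the original question or answers and is not Yii2's own code: a simplified Python model in which each application keeps its CSRF token in a signed cookie named after `csrfParam` (Yii2's default is `_csrf`) and both applications share one browser cookie jar. The `App` class, the `scenario` function and the key strings are constructed for illustration, and Yii2's token masking is left out.

```python
import hashlib
import hmac
import secrets


class App:
    """Simplified model of one application's cookie-based CSRF check."""

    def __init__(self, key, csrf_param="_csrf"):
        # key stands in for cookieValidationKey (constructed value)
        self.key, self.csrf_param = key.encode(), csrf_param

    def _mac(self, token):
        return hmac.new(self.key, token.encode(), hashlib.sha256).hexdigest()

    def _load(self, jar):
        """Return the token from the cookie, or None if the signature is not ours."""
        raw = jar.get(self.csrf_param, "")
        mac, token = raw[:64], raw[64:]
        valid = bool(token) and hmac.compare_digest(mac, self._mac(token))
        return token if valid else None

    def render_form(self, jar):
        """GET: reuse a valid cookie token or issue a new one; return the form token."""
        token = self._load(jar)
        if token is None:
            token = secrets.token_hex(16)
            jar[self.csrf_param] = self._mac(token) + token  # Set-Cookie, path=/
        return token

    def submit_form(self, jar, form_token):
        """POST: 200 if the form token matches the cookie token, else 400."""
        true_token = self._load(jar)
        ok = true_token is not None and hmac.compare_digest(form_token, true_token)
        return 200 if ok else 400


def scenario(backend, frontend):
    """Open a backend form, visit the frontend in another tab, submit the backend form."""
    jar = {}  # one browser, one host: cookies with path=/ are shared by name
    form_token = backend.render_form(jar)
    frontend.render_form(jar)  # overwrites the cookie if both use the same name
    return backend.submit_form(jar, form_token)


if __name__ == "__main__":
    print(scenario(App("backend-key"), App("frontend-key")))
    print(scenario(App("backend-key", "_backendCSRF"), App("frontend-key", "_frontendCSRF")))
```
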
