问题
In yii2 advance template.
If i am doing following i get the access of back-end without login, even if there are two different databases configuration for front-end and back-end
- Login from front-end login page.
- After successful login to front-end.
- When i open a back-end link, it is showing already logged in.
- No login is required by back-end.
- Visa - versa if i do the opposite.
How to restrict this?
回答1:
You have to set different cookies for frontend and backend in config/main.php file. For Eg.:
In backend:
'components' => [
'session' => [
'name' => 'BACKENDID', //Set name
'savePath' => __DIR__ . '/../tmp', //create tmp folder and set path
],
],
In Frontend:
'components' => [
'session' => [
'name' => 'FRONTENDID',
'savePath' => __DIR__ . '/../tmp',
],
],
That's it.
回答2:
Backend/config/main.php
'components' => [
'session' => [
'name' => 'PHPBACKSESSID',
'savePath' => __DIR__ . '/../tmp',
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_backendUser', // unique for backend
'path'=>'/yii-project/backend/web' // correct path for the backend app.
],
Frontend/config/main.php
'components' => [
'session' => [
'name' => 'PHPFRONTSESSID',
'savePath' => __DIR__ . '/../tmp',
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_frontendUser', // unique for backend
'path'=>'/yii-project/frontend/web' // correct path for the backend app.
],
回答3:
just delete in frontend|backend/config/main.php:
'components' => [
'session' => [
// this is the name of the session cookie used for login on the frontend
'name' => 'advanced-frontend', //or 'advanced-backend'
],
]
and add this in common/config/main.php
'components' => [
'session' => [
// this is the name of the session cookie used for login on the frontend
'name' => 'blablabla',
],
]
来源:https://stackoverflow.com/questions/26059108/yii2-login-give-access-to-backend-when-user-login-is-from-frontend