Sharing Yii1 and Yii2?

I

Ivan Demidov2017-03-27 09:34:28

Yii

Ivan Demidov, 2017-03-27 09:34:28

Hello!
There are 2 projects, the main one is on yii1, the additional one (I am transferring the project in stages) on yii2. User rights, common menu, templates (as a temporary transitional measure) are ready. I can't connect autologin on 2 subdomains. Those. the task is this - the login page itself is only on the main project so far, but at the same time, when following links to a subdomain with yii2, so that the user is logged in.
Can you help with solving this problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Mikhail Konyukhov, 2017-03-27
@inkognito_23

If there are exactly two subdomains, then:
1. You need to set a cookie with a token on *.domain.com
2. in the cookie with the token there must be a token, according to which your new application on yii2 will authorize the user on the fly.
In fact, the authorization has 2 logical entry points: the old login form and the cookie token.
Just do not forget to add something random and a signature to the token, something like this:

$salt = "какая то секретная строка";
$uid = ваш id юзера;
$ts = time();
$sign = sha1($uid.$ts.$salt);
$token = json_encode([ 'user_id' => $uid,  'ts'=>$ts, 'sign'=>$sign ]);

You need to validate such a token like this:

$salt = "какая то секретная строка"; //та же самая
$token = json_decode($_COOKIE['..'], true);
$uid = $token->user_id;
$signGood = sha1($uid.$token['ts'].$salt);
if ($signGood === $token['sign']) {
  //все окей, авторизуем $uid
} else {
  //какая то странная кука, не авторизуем
}

You can also check the time of issuing cookies (ts) so that it does not exceed some real limits, but in most projects this is unnecessary and will only lead to glitches