How to share cookie and session between backend_1 and backend_2

[gb5256]

Hello,
while there are a lot of discussions on this board around how NOT to share cookies and sessions between apps, I am looking for a way to explicitly do it, but I can't get it working.

So I have two backends, backend_1 and backend_2.
I would like that if a user is logged into backend_1 that he also is auto-logged into Backend_2 if he switches the subdomain.

So I have given both the same

And I made sure that this below is the exact same at both apps

• cookieValidationKey
• crsfParam
• identityCokie -> name
• session -> name

When I use the inspector after stichting from backend_1 to backend_2 in the browser, I can see that the cookie has the same name, but the value of the cookie is different.
If I manually change the value of the cookie to the value I can so on the backend_1, then it works and I am logged in.

Could it be that my session storage on DB is the problem?

  'components' => [
    'request' => [
        'csrfParam' => '_csrf-backend_1_and_2', //this is the same on both APPs
    ],
    'cache' => [
        'keyPrefix' => 'backend_1',
    ],
    'user' => [
        'authTimeout' => 8 * 60 * 60,
        'enableAutoLogin' => true,
        'identityCookie' => ['name' => '_identity_backend_1_and_2', 'httpOnly' => true], //this is the same on both APPs
    ],
    'session' => [
        'class' => 'yii\web\DbSession',
        'writeCallback' => function ($session) {
            return [
                'user_id' => Yii::$app->user->id,
                'last_write' => time(),
            ];
        },
        'cookieParams' => ['httponly' => true, 'lifetime' => 8 * 60 * 60],
        'timeout' => 8 * 60 * 60, //session expire
        'useCookies' => true,
        'name' => 'advanced-backend_1_and_2', //this is the same on both APPs
    ],

Additional info

Q	A
Yii version 2.0.45
PHP version 8.0
Operating system Ubuntu 20.04

[gb5256]

Does anybody have an idea how to solve this?

[schmunk42]

Using a DbSession is one solution Von meinem iPhone gesendet

…

Am 16.12.2022 um 17:09 schrieb gb5256 ***@***.***>:  Does anybody have an idea how to solve this? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

[DeryabinSergey]

But how to make session_id equal for backend_1 and backed_2

[DeryabinSergey]

If domains are different - maybe disable store session Id in cookie and try to use in get/post params Another case - make extra auth/logout controller in backend‘s. Redirect to another backend after success on first. Set/Remove cookie and redirect back Пт, 16 дек. 2022 г. в 17:09, gb5256 ***@***.***>:

…

Does anybody have an idea how to solve this? — Reply to this email directly, view it on GitHub <#528 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB2PRXBXWUYPLJYM2WBV7EDWNSH3PANCNFSM6AAAAAATBFDLC4> . You are receiving this because you are subscribed to this thread.Message ID: <yiisoft/yii2-app-advanced/repo-discussions/528/comments/4424262@ github.com>

[samdark]

What are your domains?