I have a Cakephp application and Yii application running on the same server. And their session config are
Cakephp:
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_path' => '/cakephp_app',
),
'cookie' => 'PHPSESSID'
));
Yii:
'session' => array(
'autoStart' => true,
'timeout' => 5400,
'sessionName' => 'YIIAPP',
)
I supposed their session will be separated, but the result is negative.
Since the cakephp app is already in production, so what can I do to separate the Yii session from the cakephp session?
And can anyone tell me how come my Yii is still using the PHPSESSID session, rather than then 'YIIAPP' session?
I've tested this and adding:
'sessionName' => 'YiiAPP'
worked first time for me.
However, I then added
session_start()
To my index.php file - and this then shows the PHPSESSID. So I suspect somewhere in your code you are using session_start() - which Yii doesn't need. It starts its own session automatically.
Related
I am trying to set up my CakePHP 3.8 project on a GCP "Compute Engine" VM.
I have set up my app.php to use the following DB configuration:
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'datasource' => 'Database/Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'user',
'password' => 'password',
'database' => 'dbname',
'prefix' => '',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
'log' => false,
'flags' => [
PDO::MYSQL_ATTR_INIT_COMMAND => "SET ##SESSION.sql_mode='';",
// uncomment below for use with Google Cloud SQL
PDO::MYSQL_ATTR_SSL_KEY => CONFIG.'ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => CONFIG.'ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => CONFIG.'ssl/server-ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
],
'cacheMetadata' => true,
'log' => false,
My problem happens when I try to run migrations. The site works just fine with the above configuration, however, if I run
$> php bin/cake.php migrations migrate
I get a slew of errors saying that it cannot connect, access denied for user#host.
If I add
'ssl_key' => CONFIG .'ssl/client-key.pem',
'ssl_cert' => CONFIG . 'ssl/client-cert.pem',
'ssl_ca' => CONFIG . 'ssl/server-ca.pem',
I get an error:
Caused by: [PDOException] PDO::__construct(): Peer certificate CN=`gcpname:gcpserver' did not match expected CN=`111.111.111.111' in /var/www/mydomain.com/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php on line 79
I guess this is because the migrations plugin still doesn't pass the flags or custom mysql_attr_* options over to the Phinx connection configuration, see this issue:
https://github.com/cakephp/migrations/issues/374
I don't think there's much that can be done here, other than adding support for flags / attribute options, or using Phinx directly (ie without the Migrations plugin).
I've pushed a PR that would add support for driver specific flags, you might want to give it a try and comment on the issue or the PR whether it works for you (it's for CakePHP 4.x (Migrations 3.x), I'll backport it for CakePHP 3.x (Migrations 2.x) in case it's being accepted):
https://github.com/cakephp/migrations/pull/478
my site have config load balancer from https to http
and in my cource code /app/Config/core.php
Configure::write('Session', array(
'defaults' => 'cake',
'timeout' => 4320,
'checkAgent' => false,
'cookieTimeout'=>0,
'ini' => array(
'session.cookie_secure' => false,
'session.referer_check' =>false
)
));
it's mean that session is store in /app/tmp/. and timeout 3days.
but when i open the browser(Chrome/IE) it create a session in folder app/tmp/
and I close the browser and open it again, it create a new file. So the old Session lose??
I've change to config defaults =>'php' but it's the same.
Can Anyone help me!
Thanks in advance!
You have Session.cookieTimeout set to 0. Remove Session.cookieTimeout and it will default to Session.timeout value - 4320
I have some question about yii authentication.
can yii create authentication for module and for site separated authentication. for example I have module learnings it will have it's own authentication. and also site has own authentication.
somesite/login - this will be site login
somesite/module_name/login - this will be module authentication
and then it can't access user from site login to module actions and
user from module login can't access site actions
where need authentication
let assume Admin is your module ,
Inside your admin/AdminModule.php file, add the following lines to the 'init' function
Yii::app()->setComponents(array(
'errorHandler' => array(
'errorAction' => 'admin/default/error',
),
'user' => array(
'class' => 'CWebUser',
'stateKeyPrefix' => '_admin',
'loginUrl' => Yii::app()->createUrl($this->getId() . '/default/login'),
),
));
for more info Module based login yii
Some of the details in the main.php needed by all application instances (URL details) and some details will be specific to each application instance (database details).
Is there any idea to separate the database details from protected/config/main.php?
Just include the shared configuration from another PHP file:
main.php:
return array
(
....
'components' => array
(
'db' => include('sharedDatabaseConfiguration.php');
)
);
sharedDatabaseConfiguration.php:
return array('host' => ...);
You might have to add a path or something, depending where the file is stored.
Edit: Btw, Yii also has a fancy CMap::mergeArray() function that can do something similar (in case you want to "augment" the contents of a single config file with that from another one. Look at the default generated console.php for an example of that.
You can find an idea here: Manage application configuration in different modes .
Basically it works by importing a different PHP file (your db configuration) and merging the includedarrays:
<?php
return CMap::mergeArray(
require(dirname(__FILE__).'/db-config.php'),
array(
'basePath' => dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
'name' => 'Page Title',
...
)
);
?>
You can use separate configuration file (e.g. protected/config/production.php), that is based on your main configuration file and that overrides some settings using CMap::mergeArray as this answer suggests:
return CMap::mergeArray(
require(dirname(__FILE__) . '/main.php'),
array(
'components' => array(
'db' => array(
'connectionString' => '...',
'username' => '...',
'password' => '...',
),
),
)
);
Then you can add protected/config/production.php to .gitignore.
I activated csrf protection on my project which runs on Yii framework.
Csrf token is being created when base domain runs like "www.example.com".
But it isn't being created when the subdomain runs like "admin.example.com".
The configuration:
'components'=>array(
'request' => array(
'class' => 'application.components.HttpRequest',
'enableCsrfValidation' => true,
),
...
What is the problem in my code or is it about the server?
You can configure the CSRF cookie params in the request component in your main.php configuration:
'components' => array(
'request' => array(
'csrfCookie' => array(
'domain' => '.example.com',
),
),
),
Check out the other cookie options. You may also have to tweak the cookie path. This may also be helpful:
How do browser cookie domains work?