How to Separate Frontend and Backend Sessions in Yii2 Advanced?

Hey folks, I’m running into an issue with my Yii2 Advanced project. I used kartik-v’s template, but when I log into the frontend, I also get logged into the backend. I attempted to assign unique session names and change the savePath in both the frontend and backend configurations, yet I receive a 500 internal server error when accessing the page. Without the savePath, the error disappears, but the login still isn’t working as expected. If I use the ‘remember me’ option, I get an error message even though the login appears to succeed.

// Backend Configuration
'components' => [
    'session' => [
        'name' => 'backend_session',
        'savePath' => __DIR__ . '/../temp',
    ],
    'user' => [
        'identityClass' => 'common\models\BackendUser',
        'enableAutoLogin' => true,
        'identityCookie' => [
            'name' => '_backendIdentity',
            'path' => '/project/backend/web'
        ]
    ],
],

// Frontend Configuration
'components' => [
    'session' => [
        'name' => 'frontend_session',
        'savePath' => __DIR__ . '/../temp',
    ],
    'user' => [
        'identityClass' => 'common\models\FrontendUser',
        'enableAutoLogin' => true,
        'identityCookie' => [
            'name' => '_frontendIdentity',
            'path' => '/project'
        ]
    ],
]

hmm, interesting problem! have you considered using different session handlers for frontend and backend? like maybe redis for one and file-based for the other? that could help keep 'em separate. also, double-check your user models - are they really different? might be worth a look. what do you think about trying that?

hey dancingbutterfly, that’s a tricky one. i had similar issues. try using different storage for each app:

'session' => [
    'class' => 'yii\web\Session',
    'cookieParams' => ['httponly' => true, 'path' => '/frontend'],
],

for frontend, and same for backend with ‘/backend’ path. hope it helps!

I encountered a similar challenge with the Yii2 Advanced setup. In my experience, ensuring complete segregation of session handling between the frontend and backend involves distinguishing the session names and storage locations, as well as configuring separate user components. Adjusting the cookie settings is equally important to avoid unintended conflicts. It is also advisable to check file permissions for the session save paths and confirm that the FrontendUser and BackendUser models are properly implemented. For persistent issues, consider using custom session handlers or switching to database sessions.
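An added example (not code from this thread or from Yii2): a plain-PHP check that reads both apps' `components` arrays and reports shared cookie names, cookies whose path also covers the other app, and session save paths that are missing or not writable. The helper names and the two `url` request paths are assumptions; the cookie names and paths are the ones posted in the question.

```php
<?php // Added example; cookiePathMatches() and auditSeparation() are hypothetical helpers, not Yii2 API.
// RFC 6265 path-match: is a cookie scoped to $cookiePath sent with a request for $requestPath?
function cookiePathMatches(string $cookiePath, string $requestPath): bool
{
    $isPrefix = strncmp($requestPath, $cookiePath, strlen($cookiePath)) === 0;
    $next = substr($requestPath, strlen($cookiePath), 1); // '' when the paths are identical
    return $isPrefix && ($next === '' || $next === '/' || substr($cookiePath, -1) === '/');
}
function auditSeparation(array $apps): array
{
    $findings = $seen = [];
    foreach ($apps as $id => $app) {
        $s = $app['components']['session'] ?? [];
        $i = $app['components']['user']['identityCookie'] ?? [];
        $cookies = [ // kind => [name, path], with PHP / Yii2 defaults as fallback
            'session' => [$s['name'] ?? 'PHPSESSID', $s['cookieParams']['path'] ?? '/'],
            'identity' => [$i['name'] ?? '_identity', $i['path'] ?? '/'],
        ];
        foreach ($cookies as $kind => [$name, $path]) {
            if (isset($seen[$name])) {
                $findings[] = "$kind cookie '$name' is used by both {$seen[$name]} and $id";
            }
            $seen[$name] = $id;
            foreach ($apps as $otherId => $other) {
                if ($otherId !== $id && cookiePathMatches($path, $other['url'])) {
                    $findings[] = "$id $kind cookie '$name' (path $path) is also sent to $otherId";
                }
            }
        }
        $dir = $s['savePath'] ?? null;
        if ($dir !== null && !(is_dir($dir) && is_writable($dir))) {
            $findings[] = "$id savePath '$dir' is missing or not writable";
        }
    }
    return $findings;
}
// Constructed input (id => request path + components): names and paths are from the question, 'url' values are assumed.
$apps = [
    'backend' => ['url' => '/project/backend/web/site/login', 'components' => [
        'session' => ['name' => 'backend_session', 'savePath' => __DIR__ . '/../temp'],
        'user' => ['identityCookie' => ['name' => '_backendIdentity', 'path' => '/project/backend/web']],
    ]],
    'frontend' => ['url' => '/project/frontend/web/site/login', 'components' => [
        'session' => ['name' => 'frontend_session', 'savePath' => __DIR__ . '/../temp'],
        'user' => ['identityCookie' => ['name' => '_frontendIdentity', 'path' => '/project']],
    ]],
];
echo implode(PHP_EOL, auditSeparation($apps)), PHP_EOL;
```

Both session cookies are reported as sent to the other app because neither config sets a `cookieParams` path, so they fall back to `/`; the frontend identity cookie is reported because `/project` is a prefix of the backend's path.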