I use Yii 1. In the config of the site domen.ua I set:

    'session' => array(
        'cookieParams' => array(
            'httpOnly' => true,
            'domain' => '.domen.ua'
        )
    ),
    'user' => array(
        'loginUrl' => array('auth/auth'),
        'class' => 'WebUser',
        'allowAutoLogin' => true,
        'identityCookie' => array('domain' => '.domen.ua'),
    ),

In the configuration of the site my.domen.ua I set:

    'session' => array(
        'cookieParams' => array(
            'domain' => '.domen.ua',
            'httpOnly' => true,
        ),
    ),
    'user' => array(
        'loginUrl' => array('auth/auth'),
        'class' => 'WebUser',
        'allowAutoLogin' => true,
        'identityCookie' => array('domain' => '.domen.ua'),
    ),

On login I set $duration = 31536000. Authorization works fine from both the main domain and the subdomain.

BUT! On the main domain the cookie is stored for as long as it is set: 31536000 (about a year). When switching from the domen.ua site to my.domen.ua, the user is authorized. But if you don't go to the site domen.ua for a long time (about 20 minutes), and then enter my.domen.ua in the address bar, the user will be a guest. MAGIC! And if you go to domen.ua, authorized again!

The question is: why is the user logged out on the subdomain after a certain time? In devtools the session seems to be there ...

User login:

 Yii::app()->user->login($this->_identity, $duration); 

where $duration = 31536000

I've been struggling with this problem for a long time ... Unfortunately, the solutions from forums have not helped yet ...

    1 answer

    You have a redefined CWebUser class, maybe you should look in there?

    In general, look at the parameters CWebUser::authTimeout and CWebUser::absoluteAuthTimeout.

    You can set their values in the user component config.

    If the option allowAutoLogin is set, then authorization is based on cookies.
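
The answer's suggestion written out as an added example (not code from the original post or from the Yii project): the `user` component from the question with both timeout properties set explicitly. The timeout values are assumptions chosen for illustration, and `httpOnly` on the identity cookie is an added hardening that mirrors the session cookie setting already used in the question.

```php
<?php
// Fragment of the 'components' array in protected/config/main.php (Yii 1.1).
// Use the same block in the domen.ua and my.domen.ua configs so that both
// applications apply the same timeout rules to the shared cookies.
return array(
    'components' => array(
        'session' => array(
            'cookieParams' => array(
                'httpOnly' => true,
                'domain'   => '.domen.ua',
            ),
        ),
        'user' => array(
            'class'          => 'WebUser',
            'loginUrl'       => array('auth/auth'),
            'allowAutoLogin' => true,
            // Seconds of inactivity after which the user is logged out.
            // null (the default) means no inactivity timeout is enforced
            // by CWebUser. 1800 is an assumed value.
            'authTimeout' => 1800,
            // Seconds after login after which the user is logged out
            // regardless of activity. Assumed value, set here to match the
            // $duration passed to login() in the question.
            'absoluteAuthTimeout' => 31536000,
            'identityCookie' => array(
                'domain'   => '.domen.ua',
                // Added hardening: keep the long-lived login cookie out of
                // reach of page scripts, as with the session cookie.
                'httpOnly' => true,
            ),
        ),
    ),
);
```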