Automagically Log into Multiple Domains in Yii2

Question

I have a site with a root domain and several sub domains, each a separate yii2 module. At the moment I have to log into each sub domain individually. I want to be able to log into the root directory and then be automatically logged into each of the sub domains. There are a few pages here and there on the web about achieving this but nothing that works.

at the moment I have the same setup in both main.php config files (i.e. the root domain and one of the sub domains that I am testing with)

'components' => [
    'request' => [
        'enableCookieValidation' => true,
        'enableCsrfValidation' => true,
        'cookieValidationKey' => 'XXXXXXX',
    ],
    'user' => [
        'class' => 'yii\web\User',
        'identityClass' => 'common\models\User',
        'enableAutoLogin' => true,
        'identityCookie' => [
            'name' => '_myapp',
            'httpOnly' => true,
            'path' => '/',
        ]
    ],
    'session' => [
        'name' => 'MYAPPSESSID',
        'cookieParams' => [
            'path' => '/',
        ],
    ],

When inspecting my cookies in Chrome after logging in with setup I see two cookies, one for the main site and one for the sub domain, they are both called MYAPPSESSID, and both containing different 'keys' that presumably hook up to the user info set on the PHP session. I get that these two cookies should be one cookie so that both domains hook up to the session user object - but I;ve tried all the different settings I can think of and can't get this to work.

Answer 1

To be able to log on all subdomains, use the following config:

'components' => [
    'session' => [
        // ...
        'cookieParams' => [
            'path' => '/',
            'domain' => ".domain.com",
        ],
    ],
    'user' => [
        // ...
        'identityCookie' => [
            'name' => '_identity',
            'path' => '/',
            'domain' => ".domain.com",
        ],
    ],
    'request' => [
        // ...
        'csrfCookie' => [
            'name' => '_csrf',
            'path' => '/',
            'domain' => ".domain.com",
        ],
    ],
],

Answer 2

I figured this out in the end. The session->cookieParams needs a 'domain' set on both main.php config files, which is the top level domain name prefixed with a '.'. I did try this but the cookies were'n't being generated, and it turned out that it was because my local domains that I set in Mamp Pro were not formatted in a way that the cookies were expecting them. So my app was at http://myapp, and http://subdomain.myapp. It turns out that the cookie domain setting requires a top level domain (like .com). So I changed my hosts to http://myapp.local and http://subdomain.myapp.local. Then I set the cookie domains to .myapp.local and it worked.

here's my new config, which is on both the root domain and the sub domain. The user->identityCookie settings above turned out to be unnecessary btw.

'components' => [
'request' => [
    'enableCookieValidation' => true,
    'enableCsrfValidation' => true,
    'cookieValidationKey' => 'XXXXXXX',
],
'user' => [
    'class' => 'yii\web\User',
    'identityClass' => 'common\models\User',
    'enableAutoLogin' => true
],
'session' => [
    'name' => 'MYAPPSESSID',
    'cookieParams' => [
        'path' => '/',
        'domain' => '.myapp.local'
    ],
],