Yii2 - Different persistent login cookie on same domain


I have a domain that has 2 different installs of Yii2; let's call them the old and new site. If I log in to the old site and ask to be remembered, then close the browser and later go to the new site's login page, I am logged in to the new site and it takes me to a dashboard.

I looked at changing the cookieValidationKey in web.php

    'request' => [
        // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
        'cookieValidationKey' => 'thisisthenewsitekey',
    ],

and I looked around the whole request setup but I can't see anything.

Is there a way to separate the 2 login cookies, so if I'm logged in on the old site, I'm not also logged in on the new site?


There are 1 best solutions below

user206 On

Add to config file:

    'session' => [
        // this is the name of the session cookie used for login
        'name' => 'site2',
        'cookieParams' => [
            'path' => 'yourPath..',
        ],
    ],

(Optional) You can also do the same for csrfParam and identityCookie.

If you use a shared domain or Cross-subdomain authentication:

    $config = [
        // ...
        'components' => [
            // ...
            'user' => [
                'class' => 'yii\web\User',
                'identityClass' => 'app\models\User',
                'enableAutoLogin' => true,
                'loginUrl' => '/user/login',
                'identityCookie' => [ // <---- here!
                    'name' => '_identity',
                    'httpOnly' => true,
                    'domain' => '.example.com',
                ],
            ],
            'request' => [
                'cookieValidationKey' => 'your_validation_key'
            ],
            'session' => [
                'cookieParams' => [
                    'domain' => '.example.com',
                    'httpOnly' => true,
                ],
            ],
        ],
    ];
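
The separation suggested in the answer above, written out as one config for the new install. This is an added example, not part of the original answer: the `/new/` path, the cookie names, the application id and the placeholder key are assumptions to adapt to your own layout.

```php
<?php
// config/web.php of the "new" install (added example; every name below and the
// /new/ path are assumptions, not values from the original question or answer).
return [
    'id' => 'new-site',
    'basePath' => dirname(__DIR__),
    'components' => [
        'request' => [
            // Placeholder: use a random secret that differs from the old install's key.
            'cookieValidationKey' => 'REPLACE_WITH_NEW_SITE_SECRET',
            // Own CSRF token name, so the two installs do not overwrite each other's token.
            'csrfParam' => '_csrf_new',
            'csrfCookie' => ['httpOnly' => true, 'path' => '/new/'],
        ],
        'session' => [
            // Own session cookie name instead of sharing the PHP default with the old install.
            'name' => 'NEWSITESESSID',
            'cookieParams' => ['httpOnly' => true, 'path' => '/new/'],
        ],
        'user' => [
            'identityClass' => 'app\models\User',
            'enableAutoLogin' => true,
            // The "remember me" cookie: Yii2's default name is `_identity`, which both
            // installs share unless it is renamed here.
            'identityCookie' => [
                'name' => '_identity_new',
                'httpOnly' => true,
                'path' => '/new/',
            ],
        ],
    ],
];
```

With this config the new site only looks for `_identity_new`, so an `_identity` cookie set earlier by the old site no longer triggers auto-login there. Cookie paths are not an isolation boundary between two applications on the same origin, so the distinct names and validation key are what keep the logins apart.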