3

I have separated the backend and frontend using the configuration below:

Backend Config/main.php

$config = [
    'id' => 'app-backend',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
        'request' => [
            'csrfParam' => '_csrf-backend',
            'cookieValidationKey' => 'sdsdsdsd-e8Fhoa1PdHzzfB2VTON9Nfh',
            'class' => 'common\components\Request',
            'web'=> '/backend/web',
            'adminUrl' => '/cpanel'
        ],
        'urlManager' => [
            'class' => 'yii\web\UrlManager',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
        ],
        'user' => [
            'identityClass' => 'common\models\AdminUser',
            'enableAutoLogin' => true,
            'identityCookie' => ['name' => '_identity-project-backend', /*'httpOnly' => true*/],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'project-backend',
            'timeout' => 60*60*24*30,
        ],
    ],
    'params' => $params,
];

Frontend Config/main.php

$config =  [
    'id' => 'app-frontend',
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
        'request' => [
            'csrfParam' => '_csrf-backend',
            'cookieValidationKey' => 'wmWhVSIv-e8Fhoa1PdHzzfB2VTON9Nfh',            
            'class' => 'common\components\Request',
            'web' => '/frontend/web'
        ],
        'urlManager' => [
            'class' => 'yii\web\UrlManager',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => ['name' => '_identity-project-frontend', /*'httpOnly' => true*/],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the frontend
            'name' => 'project-frontend',
            'timeout' => 60*60*24*30,
        ],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],        
    ],
    'params' => $params,
    //'defaultRoute' => 'site/index'
];

Now it is working perfectly in normal browser mode. But whenever I try to log in using incognito mode, on the first attempt it gives the error below:

Unable to verify your data submission

After that, if I reload the page and try to log in again, it works normally.

My form is generated using ActiveForm, so the CSRF token is available on the login page.

So how can I solve this problem?

DS9
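
One thing the two configs above can be checked for is cookie names shared between the apps: both set `csrfParam` to `_csrf-backend` while using different `cookieValidationKey` values, and Yii2 signs the CSRF cookie with that key, so when both apps are served from the same host one app's CSRF cookie does not validate in the other. The check below is an added example, not part of the original post; the arrays are trimmed copies of the question's configs and the function names `cookieNames` and `cookieCollisions` are hypothetical.

```php
<?php
// Constructed input: trimmed copies of the two configs in the question.
$backend = ['id' => 'app-backend', 'components' => [
    'request' => ['csrfParam' => '_csrf-backend'],
    'user'    => ['identityCookie' => ['name' => '_identity-project-backend']],
    'session' => ['name' => 'project-backend'],
]];
$frontend = ['id' => 'app-frontend', 'components' => [
    'request' => ['csrfParam' => '_csrf-backend'],
    'user'    => ['identityCookie' => ['name' => '_identity-project-frontend']],
    'session' => ['name' => 'project-frontend'],
]];

/** Cookie names an app will set, keyed by purpose; Yii2 defaults fill absent keys. */
function cookieNames(array $config): array
{
    $c = $config['components'] ?? [];
    return [
        'csrf'     => $c['request']['csrfParam'] ?? '_csrf',
        'identity' => $c['user']['identityCookie']['name'] ?? '_identity',
        'session'  => $c['session']['name'] ?? (ini_get('session.name') ?: 'PHPSESSID'),
    ];
}

/** Cookie names that two apps on the same host (assumed here) would both claim. */
function cookieCollisions(array $a, array $b): array
{
    $collisions = [];
    $namesB = cookieNames($b);
    foreach (cookieNames($a) as $purposeA => $nameA) {
        foreach ($namesB as $purposeB => $nameB) {
            if ($nameA === $nameB) {
                $collisions[] = sprintf(
                    '%s (%s %s cookie, %s %s cookie)',
                    $nameA, $a['id'], $purposeA, $b['id'], $purposeB
                );
            }
        }
    }
    return $collisions;
}

foreach (cookieCollisions($backend, $frontend) as $line) {
    echo "shared cookie name: $line\n";
}
```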

2 Answers

0

You can set validation to false in specific controllers / actions

include the Yii class

use Yii;

inside the action

Yii::$app->controller->enableCsrfValidation = false;

or inside the controller

$this->enableCsrfValidation = false;
Rahman
-2

You need to set validation to false

Set this code inside the action

 Yii::$app->controller->enableCsrfValidation = false;

Set validation to false for the complete controller

$this->enableCsrfValidation = false;

This will work

Saleem Khan