We Keep Coding

Controller / Action for guest users (Does not require authentication) using Yii2-user

I am using Yii2 (basic) and Yii2-user for a website with users. For most actions it's necessary to be authenticated. How could I make a controller / action accessible as a guest?
I have tried things like this in the guest's controller:
'rules' => [
[
'allow' => true,
'actions' => ['index', 'confirm', 'download-form', 'upload-form'],
]
],
And this should be enough. But nope. I suspect that it is Yii2-user module who gets in the way and always redirects me to login.
And I have added the module in the web.php configuration like this:
'components' => [
...
...
'user' => [
'class' => 'nkostadinov\user\components\User',
'identityClass' => 'nkostadinov\user\models\User',
'enableConfirmation' => false,
'as firstLoginPolicy' => [
'class' => 'nkostadinov\user\behaviors\FirstLoginPolicyBehavior'
],
],
],
Any idea?

I have solved it as follows.
In my web.php configuration I had this:
'modules' => [
...
],
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error', 'request', 'change-password'],
'allow' => true,
'roles' => ['?']
],
[
//'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['#'],
],
],
],
'params' => [ ... ]
So, I have added this new rule to grant guest users access to all actions of this controller:
[
'controllers' => ['mymodule/my-controller'],
'allow' => true,
],
And that's it.

i suggest you to use mdmsoft/yii2-admin for authentication

Yii2 authTimeout is not working

The login authTimeout is set to two hours but the system logout itself after 30 minutes if the system is idle. Any idea why that happened?
'components' => [
'user' => [
'identityClass' => 'app\models\User',
'enableAutoLogin' => false,
'authTimeout' => 7200,
'enableSession' => true,
],
]

Probably this is related to session timeout. Usual default value is about ~30 minutes, so session will expire before authTimeout takes effect. You need to adjust Session::$timeout value in your config:
'session' => [
'timeout' => 7200, // or greater
],

after auto logout how to redirect the control to login page in yii2?

I am using below code to auto logout after some time interval
'session' => [
'timeout' => 10,
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
'authTimeout' => 10,
],
It logged out successfully
but did not redirect to login page
how to do that?

You can use behaviors for actions.
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'logout','view','create','update','delete'],
'rules' => [
[
'actions' => ['index', 'logout','view','create','update','delete'],
'allow' => true,
'roles' => ['#'],
],
],
],
];
}
So user is not logged in it will redirect to login url. You can also set login url
'session' => [
'timeout' => 10,
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
'authTimeout' => 10,
'loginUrl' => 'admin/default/login' // set your login path here
],
OR You can use beforeAction method to check that user is logged in or not and send user to login page.
public function beforeAction($action){
if (Yii::$app->user->isGuest){
return $this->redirect(['site/login'])->send(); // login path
}
}

Yii2 set session timeout for 3 days

I have session configuration as follows
'user' => [
'identityClass' => 'common\models\LoginForm',
'enableAutoLogin' => false,
'loginUrl' => ['/login'],
'identityCookie' => [
'name' => '_OwnerUser', // unique for frontend
],
'authTimeout' => 1800,
],
'session' => [
'name' => 'PHPOWNERSESSID',
'savePath' => sys_get_temp_dir(),
'timeout'=> 1800
],
What I want to do is keep user logged in for 3 days, I have gone through the SO. In which way I can implement this?
Is it necessary to use cookies for storing session? if yes then how?
I want to implement it in my existing project which is in production and I have not used cookie for login purpose

Session timeout if no activity in 15 minutes not working?

I use advanced template and I can successfully session timeout in 15 minutes but it doesn't depends on activity, so even user active in website after login he will be logout after 15 minutes.
I know the idea I should put trigger to increase timeout in SiteController, but don't know how to implement it.
So far here is my code
backend\config\main.php
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
'authTimeout' => 900
],
'session' => [
'class' => 'yii\web\Session',
'cookieparams' => ['httponly' => true, 'lifetime' => 900],
'timeout' => 900,
'useCookies' => true,
],
frontend\config\main.php
'user' => [
'identityClass' => 'common\models\UserCustomer',
'enableAutoLogin' => false,
//'enableSession' => true,
'authTimeout' => 900,
],
'session' => [
'class' => 'yii\web\Session',
'cookieparams' => ['httponly' => true, 'lifetime' => 900],
'timeout' => 900,
'useCookies' => true,
],
What should I do now? so I can implement session timeout if no activity in 15 minutes.
Thanks in advance.

I believe your problem is different and there is a better solution than putting a trigger in your controller.
Most probably you are not setting a duration for http://www.yiiframework.com/doc-2.0/yii-web-user.html#login()-detail. Search for the line where you login the user. Probably something like:
Yii::$app->user->login($this->getUser());
change to
Yii::$app->user->login($this->getUser(), 900);
There are also several reasons this might not be working, but this is the most obvious.