crm/protected/components/MySession.php

<?php

class MySession extends CHttpSession
{
    public $_hasSetId;

    /**
     * 重写 session open 兼容前端 HTTP_AUTHORIZATION 传递的 token
     * @return void
     */
    public function open()
    {
        $token = $_SERVER['HTTP_AUTHORIZATION']?? '';
        if ($token && !$this->_hasSetId) {
            $this->_hasSetId = true;
            $this->setSessionID($token);
        }
        return parent::open();
    }
}