[TYPO3-dev] Weird cookie problem with FE login (wrong host)

[Xavier Perseguers]

Hi!

> Xavier Perseguers wrote:
>> My frontend session cookies get generated with the wrong host information.
>>
>> I have following site structure:
>>
>> root
>>   |-- website
>>   |     `-- shared (mountpage to SP below)
>>   `-- SP
>>        `-- login
>>
>> Default accessible domain for the website is http://cms.domain.tld. Root
>>> website is accessible through http://www.website.tld. Now, for some
>> reason, when I use the login form mounted on shared (and thus accessible
>> through http://www.website.tld/shared/login.html, my session cookie is
>> generated with host: .cms.domain.tld and as such is not sent back by my
>> browser as the domains do not match => session is "terminated" and user
>> cannot do anything after the login.
>>
>> Did I missed some configuration setting somewhere?
> 
> When you work with mount points, mounted pages work in the context of the current domain. So if you access mounted page with login form from cms.example.com, the cookie will be set fo this domain. If you next navigate to the login form at www.example.com, you will not have that cookie because domain does not match.
> 
> There is a setting in install tool where you can set domain for login cookies. Set it to ".example.com" (note the first dot).

Yes, I thought it was only for BE login.

I just changed this setting and now it seems to work. Thanks Dmitry. The 
session cookie is initialized once I enter the login form (before 
actually logging in).

In my case I have the default domain which is cms.domain.tld and the 
different mount points with <something>.domain.tld, thus indicating 
.domain.tld in install tool for session cookie is just OK and for me it 
is ok.

But I should investigate a bit more to see whether it works if I had 
another domain such as myotherdomain.tld.

Thanks for the pointer.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html