[TYPO3-dev] Is config key 'cookieDomain' worth a patch?

Xavier Perseguers typo3 at perseguers.ch
Sat Jan 3 15:02:45 CET 2009 

OK, below is the configuration. I could not make it work and it seems 
normal.

Article http://www.stonetemple.com/articles/analytics-and-cookies.shtml 
seems to be made for web analytics which actually have another behaviour 
as browsers. Perhaps I missed something.


DNS
=============

myproject.org:

cms      IN A      1.2.3.4
*        IN CNAME  cms


domain.com:

*        IN CNAME  cms.myproject.org.

Testing:

$ dig cms.myproject.org
;; ANSWER SECTION:
cms.myproject.org.	259200	IN	A	1.2.3.4

$ dig somedomain.myproject.org
;; ANSWER SECTION:
somedomain.myproject.org. 259200 IN	CNAME	cms.myproject.org.
cms.myproject.org.	259200	IN	A	1.2.3.4

$ dig other.domain.com
;; ANSWER SECTION:
other.domain.com. 86400 IN	CNAME	cms.myproject.org.
cms.myproject.org.	259200	IN	A	1.2.3.4


TYPO3
=============

- TYPO3 installed under http://cms.myproject.org/102 (just to give the 
real setup). I configure the website from 
http://cms.myproject.org/102/typo3/


localconf.php:

$TYPO3_CONF_VARS['SYS']['cookieDomain'] = '';


realurl_conf.php:

---------
$rootPID = array(
     'other.domain.com' => 6,
     'somedomain.myproject.org' => 8,
);

// snip
'pagePath' => array(
     // snip
     'rootpage_id' => min(1, $rootPID[$_SERVER['HTTP_HOST']]),

---------

Page structure:

root
|-- other
`-- somedomain

For each of these pages, I have a domain record (other.domain.com and 
somedomain.myproject.org)

Each page has some content elements shown only if logged.


APACHE
=============

<VirtualHost *:80>
     DocumentRoot /var/www/data/myproject.org/cms/102
     ServerName somedomain.myproject.org
     ServerAlias other.domain.com


TEST
=============

1) Go to http://somedomain.myproject.org
2) Only public content is shown

4) Go to http://other.domain.com
5) Only public content is shown
6) Log in => cookie set to .......
7) Restricted content is shown

8) Go back to http://somedomain.myproject.org

Expected behaviour

- Restricted content is shown

Result:

- Only public content is shown.

Reason:

On http://other.domain.com, the fe_typo_user cookie is associated to 
domain other.domain.com. On the other hand on 
http://somedomain.myproject.org, the fe_typo_user cookie is associated 
to the corresponding domain.

 From a browser point of view, DNS stuff has nothing to do, these are 
two different domains and as such the cookie is not sent.

It comforts me that DNS stuff are transparent for the browser.

As said, perhaps I missed something but I think that Dmitry's idea of 
testing whether FE or BE is active seems the only way to go around this 
cookie problem.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away

More information about the TYPO3-dev mailing list