[Typo3] Domain dependent fe login

Olray Dragon olray-dragon at allanime.org
Thu Aug 4 17:55:15 CEST 2005


Your problem is security related. When logging in to www.domain.com, the 
cookie is locked to www.domain.com. Because domain.com is superior to 
www.domain.com the cookie is sent to both domains.

Other way round, if you log on to domain.com the cookie is valid for 
domain domain.com ONLY. Because www is only a child of domain.com. 
Imagine a site with lots of user subdomains:

peter.domain.com
lara.domain.com
john.domain.com
steven.domain.com

If there wasn't exactly this security in place, all of these subdomains 
would receive ALL cookies set in ALL other subdomains.

I suggest redirecting all access to domain.com to www.domain.com using a 
dummy vhost. Search engines will find your site and all users get 
redirected to your home page and you will not have any accesses to 
domain.com logged thus not getting any "fake referers" in your logfile.

Hope this helps.

Olray

Jeppe Vesterbaek wrote:
> Hi list
> 
> I posted this question on the list three weeks ago, but got no answers, so I'll give it a try again.
> 
> When a front end user logs in to my site, e.g. at this url:
> http://www.mydomain.com/login.html
> the user is only registered as being logged in, when the "www" is in the url, i.e., if the front end user goes to some page without the "www" like
> http://mydomain.com/login.html, typo3 registers him as not logged in.
> 
> How can I change/control this behaviour? ( = changing what is stored in $GLOBALS['TSFE']->fe_user->user )
> 
> I have been trying using TSFE.jumpUrl_transferSession=1, as suggested in a few old threads in this list. It did not work.
> 
> The very strange thing is, that if I go to my website in this "root domain", i.e., no www in url and log in as a front end user. Then I add www to the url, and the front end user is still logged in. If I do it the other way around the user is only logged in on the www domain.
> 
> TEST1:
> mydomain.com
> log in as fe user
> change url to www.mydomain.com
> fe user still logged in (desired behaviour)
> 
> TEST2:
> www.mydomain.com
> log in as fe user
> change url to mydomain.com
> fe user not logged in (not desired behaviour)
> 
> Hope someone has input. I'm running out of ideas.
> 
> - Jeppe Vesterbaek (vesterbaek)
> 
> -----------------------
> The mailing list archive is found here:
> http://typo3.org/documentation/mailing-lists/english-main-list-archive/
> 				
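
The cookie scoping discussed in this thread, modelled with the RFC 6265 storage and domain-matching rules, as an added example that is not part of the original messages. The function names are hypothetical and public-suffix checks are left out; RFC 6265 postdates this thread, and browsers of that time did not all behave this way.

```python
# Added example: RFC 6265 cookie scoping for the host names used in the thread.
import ipaddress
from dataclasses import dataclass
from typing import Optional


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)  # suffix matching never applies to IP literals
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)


@dataclass
class Cookie:
    domain: str
    host_only: bool


def store(request_host: str, domain_attr: Optional[str] = None) -> Optional[Cookie]:
    """Model a Set-Cookie received from request_host (RFC 6265 section 5.3)."""
    if not domain_attr:
        # No Domain attribute: the cookie is bound to the exact host that set it.
        return Cookie(request_host.lower(), host_only=True)
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    if not domain_match(request_host, domain):
        return None  # a host cannot set a cookie for a domain it is not part of
    return Cookie(domain.lower(), host_only=False)


def sent_to(cookie: Cookie, host: str) -> bool:
    """True if the stored cookie is attached to a request for host."""
    if cookie.host_only:
        return host.lower() == cookie.domain
    return domain_match(host, cookie.domain)


if __name__ == "__main__":
    hosts = ["domain.com", "www.domain.com", "peter.domain.com", "lara.domain.com"]
    cases = {
        "set by www.domain.com, no Domain": store("www.domain.com"),
        "set by domain.com, no Domain": store("domain.com"),
        "set by www.domain.com, Domain=domain.com": store("www.domain.com", "domain.com"),
    }
    for label, cookie in cases.items():
        print(label, "->", [h for h in hosts if sent_to(cookie, h)])
```

Only the third case shares a session between domain.com and www.domain.com, and it also exposes the cookie to every user subdomain, which is why redirecting to a single canonical host is the narrower fix.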



More information about the TYPO3-english mailing list