[TYPO3-core] RFC #15334: Feature: Allow separate cookie domain for FE and BE

François Suter fsu-lists at cobweb.ch
Tue Aug 3 13:47:23 CEST 2010


This is an SVN patch request.

Type: New feature

Bugtracker references:
http://bugs.typo3.org/view.php?id=15334

Branches:
Trunk

Problem:
Some clients run the TYPO3 BE under a different domain name for security 
reasons. This causes problems with cookie domains as it is currently 
possible to set a single one only, used by both FE and BE. The current 
workaround would be to avoid defining a cookie domain, but this is not 
secure.

Solution:
The attached patch introduces a separate cookie domain for the BE. If it 
is left blank, the "main" cookie domain is used for both FE and BE (i.e. 
the current behavior is unchanged).

Notes:
How to test:
1) make sure your web site has a domain defined in 
$TYPO3_CONF_VARS['SYS']['cookieDomain'] (if it's blank, you can use any 
domain anyway)
2) define a ServerAlias with some other domain for the web site
3) use that alias to access the TYPO3 BE => it won't work, you get 
logged out every time, because the domain used to access the BE must 
match the domain in $TYPO3_CONF_VARS['SYS']['cookieDomain'].
4) apply the patch, go to the install tool and use the new domain in the 
new property $TYPO3_CONF_VARS['SYS']['cookieDomainBE']
5) log into the BE via the new domain => it should work now.

Cheers

-- 
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 15334.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100803/d5f799a4/attachment.asc>
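Added example, not part of the original message and not the code in 15334.diff: a sketch of the fallback described under "Solution", together with the browser's cookie domain-match rule (RFC 6265, section 5.1.3), showing why step 3 of the test fails and step 5 succeeds. The function names, host names and configuration values are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not TYPO3 API.

/**
 * Pick the cookie domain for a login type: 'BE' uses cookieDomainBE when it
 * is set, otherwise the main cookieDomain is used for both FE and BE.
 */
function selectCookieDomain(array $sys, string $loginType): string
{
    $main = trim($sys['cookieDomain'] ?? '');
    $be   = trim($sys['cookieDomainBE'] ?? '');
    return ($loginType === 'BE' && $be !== '') ? $be : $main;
}

/**
 * RFC 6265 domain-match: the request host must equal the cookie domain or be
 * a subdomain of it. An empty domain means a host-only cookie.
 */
function browserAcceptsCookie(string $requestHost, string $cookieDomain): bool
{
    if ($cookieDomain === '') {
        return true; // host-only cookie, bound to the exact request host
    }
    $host   = strtolower($requestHost);
    $domain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $domain) {
        return true;
    }
    // Suffix match on a label boundary; IP address hosts never suffix-match.
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && substr($host, -strlen('.' . $domain)) === '.' . $domain;
}

// Constructed sample configuration and hosts.
$sys    = ['cookieDomain' => 'www.example.org', 'cookieDomainBE' => ''];
$beHost = 'admin.example.net'; // the ServerAlias used to reach the BE

// Step 3: BE reached via the alias with only cookieDomain set.
// The session cookie is rejected, so the user is logged out on every request.
var_dump(browserAcceptsCookie($beHost, selectCookieDomain($sys, 'BE')));

// Steps 4-5: cookieDomainBE set to the alias domain, BE cookie is accepted.
$sys['cookieDomainBE'] = 'admin.example.net';
var_dump(browserAcceptsCookie($beHost, selectCookieDomain($sys, 'BE')));

// FE is unaffected and keeps using the main cookie domain.
var_dump(selectCookieDomain($sys, 'FE'));
```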

