[TYPO3-core] RFC #15334: Feature: Allow separate cookie domain for FE and BE

Ernesto Baschny [cron IT] ernst at cron-it.de
Wed Aug 4 10:14:46 CEST 2010


François Suter wrote on 04.08.2010 10:04:
> Hi Ernesto,
> 
>> you can have a regexp as a cookie-domain, isn't that enough to define
>> several valid cookie domains?
>>
>>     $TYPO3_CONF_VARS['SYS']['cookieDomain'] = '/^(domainFE|domainBE)$/';
> 
> You're right, I hadn't noticed that...
> 
>> If the user accesses through one of the matched domains, it is set as
>> the cookie domain for his session.
> 
> ...but it doesn't help in my case. The goal is to restrict access to the
> BE to a particular domain and not to have several domains, all of which
> could be used to access the BE.

In my opinion, you cannot restrict access using cookieDomain. It is up
to the browser to respect the cookieDomain, so it might as well send
back the cookie even if the domain doesn't match.

I thought you had restricted it using Apache configuration? That would
be the "way to go". In my opinion, restricting access to BE through a
certain domain could be a whole new feature.

Cheers,
Ernesto
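
Added example, not part of the message above and not TYPO3 source code: a simplified PHP model of the point made in this reply, that the regexp form of cookieDomain only chooses the Domain attribute sent to the client, while the Cookie header coming back carries no domain, so a restriction has to be made on the request host. The host names, the function names and the `backendHostAllowed()` check are assumptions made for illustration.

```php
<?php
// Added illustration; host names and cookie value are constructed.

// Simplified model of a regexp cookieDomain: when the request host matches,
// the match becomes the Domain attribute of the Set-Cookie header.
function resolveCookieDomain(string $setting, string $host): ?string
{
    if ($setting !== '' && $setting[0] === '/') {
        return preg_match($setting, $host, $m) === 1 ? $m[0] : null;
    }
    return $setting !== '' ? $setting : null;
}

// What the server gets back: name=value pairs only. The Domain attribute is
// never echoed, so the server cannot see which domain the cookie was set for.
function parseCookieHeader(string $header): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $parts = explode('=', trim($pair), 2);
        if (count($parts) === 2) {
            $cookies[$parts[0]] = $parts[1];
        }
    }
    return $cookies;
}

// Hypothetical server-side check: enforcement looks at the request host
// itself (port stripped, case-insensitive), not at anything in the cookie.
function backendHostAllowed(string $host, array $allowedHosts): bool
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host));
    return in_array($host, $allowedHosts, true);
}

$setting = '/^(fe\.example\.org|be\.example\.org)$/';
// A client that ignores the Domain attribute replays the BE cookie on the FE host.
$request = ['host' => 'fe.example.org', 'cookie' => 'be_typo_user=0123abcd'];

var_dump(resolveCookieDomain($setting, 'be.example.org'));
var_dump(parseCookieHeader($request['cookie']));
var_dump(backendHostAllowed($request['host'], ['be.example.org']));
```

The same host check can be made in the web server configuration, which is the approach the reply recommends.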

