[TYPO3-core] RFC #15334: Feature: Allow separate cookie domain for FE and BE
François Suter
fsu-lists at cobweb.ch
Tue Aug 17 17:07:44 CEST 2010
Hi,
> Problem:
> Some clients run the TYPO3 BE under a different domain name for security
> reasons. This causes problems with cookie domains as it is currently
> possible to set a single one only, used by both FE and BE. The current
> workaround would be to avoid defining a cookie domain, but this is not
> secure.
>
> Solution:
> The attached patch introduces a separate cookie domain for the BE. If it
> is left blank, the "main" cookie domain is used for both FE and BE (i.e.
> the current behavior is unchanged).
Although the original patch got enough vote I prepared a new version
which takes the various comments of FE/BE into account.
I finally went along with Benni's idea:
- $TYPO3_CONF_VARS['SYS']['cookieDomain'] remains and can be used to set
a domain for both BE and FE. The description has been changed accordingly
- $TYPO3_CONF_VARS['FE']['cookieDomain'] and
$TYPO3_CONF_VARS['BE']['cookieDomain'] are new options which can be used
to set up different domains for FE and BE, overriding "SYS" in case it
is defined too.
Cheers
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 15334_v2.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100817/769e12dc/attachment.txt>
More information about the TYPO3-team-core
mailing list