[TYPO3-core] RFC #15334: Feature: Allow separate cookie domain for FE and BE

Ernesto Baschny [cron IT] ernst at cron-it.de
Tue Aug 17 17:40:35 CEST 2010


François Suter wrote on 17.08.2010 17:07:
> Hi,
> 
>> Problem:
>> Some clients run the TYPO3 BE under a different domain name for security
>> reasons. This causes problems with cookie domains as it is currently
>> possible to set a single one only, used by both FE and BE. The current
>> workaround would be to avoid defining a cookie domain, but this is not
>> secure.
>>
>> Solution:
>> The attached patch introduces a separate cookie domain for the BE. If it
>> is left blank, the "main" cookie domain is used for both FE and BE (i.e.
>> the current behavior is unchanged).
> 
> Although the original patch got enough votes, I prepared a new version
> which takes the various comments of FE/BE into account.
> 
> I finally went along with Benni's idea:
> 
> - $TYPO3_CONF_VARS['SYS']['cookieDomain'] remains and can be used to set
> a domain for both BE and FE. The description has been changed accordingly
> 
> - $TYPO3_CONF_VARS['FE']['cookieDomain'] and
> $TYPO3_CONF_VARS['BE']['cookieDomain'] are new options which can be used
> to set up different domains for FE and BE, overriding "SYS" in case it
> is defined too.

+1 by reading. Need to fix the spelling mistake in "The regular
expression of for the cookie domain contains errors."  (bug = "of for")

Cheers,
Ernesto

