[TYPO3-core] RFC #13470: Session/Login not working in IE8 across subdomains
Steffen Ritter
info at rs-websystems.de
Thu Feb 25 16:38:54 CET 2010
Sigfried Arnold schrieb:
> Am 12.02.2010 10:22, schrieb Ernesto Baschny [cron IT]:
>> 2) Visit once "domain.com" (without the subdomain)
>> 3) Change to "www.domain.com"
>
> example.com and www.example.com are two different authorities - if
> someone has a cookie for one, he should not have one for the other
> domain (technicaly) - see RFC 2965 for details.
>
> if the cookie is set for ".example.com" it should be valid for
> www.example.com too, bit if it's set explicit for "example.com" it
> should not be valid on "www.example.com".
>
> it's quite common that www. subdomain and second level domain got the
> same content - but its also possible, that both are completly different.
>
> so - i vote for a clear -1 for this patch (in technical manner) - TYPO3
> should comply with RFCs - especialy if they are HTTP-Relevant)
>
> btw: you should really use RFC 2606 compilant domains for example
> purposes ;)
did you read the stuff?
TYPO3 normally behaves like this. you may set the cookie - domain in
install tool to .example.com for achieving it.
but THIS does not work in IE8
Cite of initial post:
The IE8 bug doesn't depend if you send or not a "domain=" specifier with
your cookie, meaning that the TYPO3 setting "cookieDomain" doesn't make
the trouble disappear.
More information about the TYPO3-team-core
mailing list