Bug #14532
closed
scope of BE- and FE-Cookie: can't cope with multidomain-setup
0%
Description
<cite martin kutschker>
I posted this long ago I think, but as a customer just upgraded to 3.7 I've had to make the same old hack again. I had to hack t3lib_userauth (or in fact the XCLASS version of cc_sv_auth) to set a proper domain with the cookie.
I'd like to have a SYS[cookieDomain] setting in localconf.php that if set, will be used to set the cookie correctly. Otherwise you cannot share sessions across subdomains.
</cite martin kutschker>
don't know if that affects FE as well
<solution>
<cite martin kutschker>
Local hack:
In t3lib_userauth find the two occurences of SetCookie(). Now add your domain as ".MYDOMAIN.TLD" as last parameter (after '/').
Better approach:
Like above but with an if-clause.
if ($TYPO3_CONF_VARS['SYS']['domainCookie'])
SetCookie($this->name, $id, 0,'/',
$TYPO3_CONF_VARS['SYS']['domainCookie'])
else
SetCookie($this->name, $id, 0, '/')
But that is assuming one domain for the whole installation. In case you have multiple domains with different subdmonains it won't work. eg
</cite martin kutschker>
</solution>
(issue imported from #M752)
Files
Updated by Martin Kutschker about 19 years ago
The quote is correct. IMHO the proposed solution is enough for most setups. Because either you have one domain, multiple domains or one domain with sub domains.
If you really need more than one domain with sub domains you'll have to use more TYPO3 installations. But I think this is a very rare case.
Of course both FE and BE sessions are affected.
Updated by Sebastian Kurfuerst over 18 years ago
The attached patch fixes the issue and I'm working to get it into the core.
Greets, Sebastian