Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-20487

CookieDomain not taken into account by the Back Office?

    XMLWordPrintable

    Details

      Description

      Hi all,

      I am currently trying to configure an eZ Publish Platform (5.0 with legacy kernel 2012.12). We have one backend siteaccess, and two frontend siteaccesses, as follows :

      • xxx_admin : admin.xxx.dev
      • xxx_fre_fr : fr.xxx.dev
      • xxx_eng_gb : www.xxx.dev

      I would like the cookies to be shared between all siteaccesses. In my legacy settings/override/site.ini.append.php, I have :

      [Session]
      CookieDomain=.xxx.dev

      Now, I cannot log in to the back office. When I try logging in, with the right username and password, the URL in Firefox changes to : /content/dashboard, but I still see the login form. I know that my identifiers are valid, because if I type invalid ones, I see the warning box (the one with the orange border). I just have to comment the CookieDomain line in the .ini file for the back office access to be operational again.

      It took me a while to understand what was going on. But as usual, Firebug gave me a helpful hand. Having deleted all cookies for the domain .xxx.dev :

      • I go to admin.xxx.dev : the login form is displayed. A cookie (cookie #1) is set for the domain .xxx.dev (the one set in CookieDomain).
      • I type my identification informations and click the "Log in" button. A redirection is made to /content/dashboard, but the login form is still displayed. Firebug tells me that another cookie (cookie #2) has been created... for admin.xxx.dev, which is the subdomain I am on!

      I attached an image to illustrate that. Both cookies are created with the same name, so I guess that the one taken into account has 1 out of 2 chances to be the right one?

      If I comment the CookieDomain line, the domain for both the cookie #1 and cookie #2 is admin.xxx.dev. And this time, it works. Another cookie "is_logged" is created as well. It is as if the login controller did not take into account the CookieDomain setting.

      It looks like an issue to me. What do you think?

      Best regards,
      Elie

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              HelloWorld Elie Theocari
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: