|
In-Portal Issue Tracker - In-Portal CMS
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Type:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
95 |
[In-Portal CMS] Other |
feature request |
always |
2009-06-18 00:19 |
2010-07-22 15:06 |
|
|
Reporter:
|
Dmitry |
Platform:
|
|
|
|
Assigned To:
|
alex |
OS:
|
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
|
Status:
|
closed |
Product Version:
|
|
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
| |
|
ETA:
|
none |
Fixed in Version:
|
5.1.0-B1 |
|
|
Reference:
|
https://in-business.intechnic.com/?20325 |
|
Change Log Message:
|
Improved Cookie-Domain detection mechanism |
|
Estimate Points:
|
0 |
|
|
Summary:
|
0000095: Support for Multi-Domain Installation |
|
Description:
|
In order to fully support multi-domain installation we need to rework and improve cookie domain detection.
Currently $_SERVER['HTTP_HOST'] is used as cookie domain, however there are cases when you can't fully rely on this especially in cases with single installation running on multiple Domains.
Example: demo.in-portal.net, demo.in-portal.com, www.in-portal.org, in-portal.org
Proposing:
a. Add new configuration variable: CustomCookieDomains where administrator can list all domain names (one per line) on which In-Portal matches domain from $_SERVER['HTTP_HOST']. User must enter exact cookie domain (with all leading dots if any).
b. New variable will be placed in Admin->Configuration->Website->Advanced: Cookie Settings section and will be disabled/empty by default so it works as they are now.
When
- nothing is entered into CustomCookieDomains variable
- when none of entered cookie domains will match domain from $_SERVER['HTTP_HOST']
and $_SERVER['HTTP_HOST'] consists of 3 parts (e.g. "www.domain.com" or "ftp.domain.com"), then we automatically detect cookie domain as ".domain.com" (last 2 parts).
In case, when $_SERVER['HTTP_HOST'] consists of more, then 3 parts, then use $_SERVER['HTTP_HOST'] as cookie domain.
When cookie domains from configuration variable are matched, then leading dot should be stripped (only when matching).
domain.com
sub.domain.com
www.domain.com
will match to "domain.com" |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
|
| Relationships | | related to | 0000472 | closed (5.1.0) | alex | Domain-based site auto-configuration |
|
|
Attached Files:
|
 infinite_redirect_with_cookies.patch (5,923) 2010-02-03 12:08
http://tracker.in-portal.org/file_download.php?file_id=271&type=bug
infinite_redirect_with_cookies_v2.patch (6,647) 2010-05-01 12:02
http://tracker.in-portal.org/file_download.php?file_id=509&type=bug
infinite_redirect_with_cookies_v3.patch (6,795) 2010-05-05 02:42
http://tracker.in-portal.org/file_download.php?file_id=521&type=bug
infinite_redirect_with_cookies_modules.patch (610) 2010-05-05 02:42
http://tracker.in-portal.org/file_download.php?file_id=522&type=bug |
|
|
Issue History |
|
Date Modified |
Username |
Field |
Change |
|
2010-10-10 10:20 |
alex |
Relationship added |
related to 0000472 |
|
2010-07-22 15:06 |
alex |
Note Added: 0002531 |
|
|
2010-07-22 15:06 |
alex |
Status |
resolved => closed |
|
2010-05-05 11:26 |
alex |
Note Added: 0002066 |
|
|
2010-05-05 11:26 |
alex |
Status |
reviewed and tested => resolved |
|
2010-05-05 11:26 |
alex |
Fixed in Version |
=> 5.1.0-B1 |
|
2010-05-05 11:26 |
alex |
Resolution |
open => fixed |
|
2010-05-05 11:26 |
alex |
Changeset attached |
5.1.x r13492 |
|
2010-05-05 11:24 |
alex |
Changeset attached |
5.1.x r13491 |
|
2010-05-05 08:50 |
Dmitry |
Note Added: 0002062 |
|
|
2010-05-05 08:50 |
Dmitry |
Assigned To |
!COMMUNITY => alex |
|
2010-05-05 08:50 |
Dmitry |
Status |
needs testing => reviewed and tested |
|
2010-05-05 02:45 |
alex |
Note Added: 0002060 |
|
|
2010-05-05 02:45 |
alex |
Assigned To |
alex => !COMMUNITY |
|
2010-05-05 02:45 |
alex |
Status |
needs work => needs testing |
|
2010-05-05 02:42 |
alex |
File Added: infinite_redirect_with_cookies_modules.patch |
|
|
2010-05-05 02:42 |
alex |
File Added: infinite_redirect_with_cookies_v3.patch |
|
|
2010-05-02 14:21 |
Dmitry |
Note Added: 0002050 |
|
|
2010-05-02 14:21 |
Dmitry |
Status |
reviewed and tested => needs work |
|
2010-05-02 13:36 |
Dmitry |
Note Added: 0002049 |
|
|
2010-05-02 13:36 |
Dmitry |
Assigned To |
!COMMUNITY => alex |
|
2010-05-02 13:36 |
Dmitry |
Status |
needs testing => reviewed and tested |
|
2010-05-01 12:02 |
alex |
Note Added: 0002036 |
|
|
2010-05-01 12:02 |
alex |
Assigned To |
alex => !COMMUNITY |
|
2010-05-01 12:02 |
alex |
Status |
needs work => needs testing |
|
2010-05-01 12:02 |
alex |
File Added: infinite_redirect_with_cookies_v2.patch |
|
|
2010-04-28 11:39 |
Dmitry |
Change Log Message |
=> Improved Cookie-Domain detection mechanism |
|
2010-04-28 11:34 |
Dmitry |
Note Added: 0002027 |
|
|
2010-04-28 11:34 |
Dmitry |
Assigned To |
!COMMUNITY => alex |
|
2010-04-28 11:34 |
Dmitry |
Status |
needs testing => needs work |
|
2010-03-09 09:08 |
alex |
Note Added: 0001525 |
|
|
2010-02-27 04:24 |
alex |
Developer |
=> alex |
|
2010-02-03 15:25 |
alex |
Note Added: 0001460 |
|
|
2010-02-03 12:08 |
alex |
Time Estimate Removed |
5 => |
|
2010-02-03 12:08 |
alex |
Assigned To |
alex => !COMMUNITY |
|
2010-02-03 12:08 |
alex |
Status |
needs work => needs testing |
|
2010-02-03 12:08 |
alex |
File Added: infinite_redirect_with_cookies.patch |
|
|
2010-02-02 11:00 |
Dmitry |
Note Edited: 0001450 |
bug_revision_view_page.php?bugnote_id=0001450#r383 |
|
2010-02-02 10:59 |
Dmitry |
Note Added: 0001450 |
|
|
2010-01-12 11:32 |
alex |
Time Estimate Added |
5 |
|
2010-01-12 11:32 |
alex |
Status |
active => needs work |
|
2009-10-03 07:54 |
administrator |
Status |
reviewed and tested => active |
|
2009-08-09 03:27 |
alex |
Status |
needs testing => reviewed and tested |
|
2009-06-19 05:37 |
alex |
Reference |
=> https://in-business.intechnic.com/?20325 |
|
2009-06-18 23:42 |
Dmitry |
Status |
needs work => needs testing |
|
2009-06-18 23:42 |
Dmitry |
Target Version |
=> 5.1.0 |
|
2009-06-18 16:00 |
Dmitry |
Summary |
Support for multi-domain Installation => Support for Multi-Domain Installation |
|
2009-06-18 15:46 |
alex |
Description Updated |
bug_revision_view_page.php?rev_id=63#r63 |
|
2009-06-18 15:35 |
alex |
Note Deleted: 0000090 |
|
|
2009-06-18 15:30 |
alex |
Description Updated |
bug_revision_view_page.php?rev_id=62#r62 |
|
2009-06-18 15:05 |
alex |
Note Added: 0000090 |
|
|
2009-06-18 15:03 |
alex |
Description Updated |
bug_revision_view_page.php?rev_id=61#r61 |
|
2009-06-18 15:03 |
alex |
Description Updated |
bug_revision_view_page.php?rev_id=60#r60 |
|
2009-06-18 14:43 |
alex |
Status |
needs feedback => needs work |
|
2009-06-18 00:20 |
Dmitry |
Summary |
Support for multi-domain Installations => Support for multi-domain Installation |
|
2009-06-18 00:19 |
Dmitry |
Assigned To |
=> alex |
|
2009-06-18 00:19 |
Dmitry |
Status |
active => needs feedback |
|
2009-06-18 00:19 |
Dmitry |
New Issue |
|
|
Notes |
|
|
(0001450)
|
|
Dmitry
|
2010-02-02 10:59
(edited on: 2010-02-02 11:00) |
|
|
Reminder sent to: alex
For now we are making this as Global setting and NOT relating to task:
0000472 Domain-based site auto-configuration
|
|
|
|
(0001460)
|
|
alex
|
|
2010-02-03 15:25
|
|
Here is test plan (use is before and after patch is applied):
Domain A: http://www.domain.com/admin
Domain B: http://domain.com/admin
1. Delete "adm_sid" and "adm_sid_live" cookies on both domains (before visiting them !!!)
2. Visit A domain
3. Visit B domain
4. At this point we will have cookie named "adm_sid" on both domains with different values
5. Login on A domain
6. Login on B domain
7. Logout on A domain (witness, that you have still logged-in, but using user from B domain and "adm_sid" cookie is same for both domains)
8. Logout again on A domain (witness infinite redirect) |
|
|
|
(0001525)
|
|
alex
|
|
2010-03-09 09:08
|
|
|
TODO: need to cache _autoGuessDomain function result (locally in static variable), because when SessionCookieDomains configuration variable is empty, then this method is called every time, when cookie is set. |
|
|
|
(0002027)
|
|
Dmitry
|
|
2010-04-28 11:34
|
|
|
|
|
(0002036)
|
|
alex
|
|
2010-05-01 12:02
|
|
|
|
|
(0002049)
|
|
Dmitry
|
|
2010-05-02 13:36
|
|
|
|
|
(0002050)
|
|
Dmitry
|
|
2010-05-02 14:21
|
|
Please use NEW Cookie name instead of current in configuration.
Add "in_" prefix during installation or upgrade. |
|
|
|
(0002060)
|
|
alex
|
|
2010-05-05 02:45
|
|
I didn't add "in_" prefix to all cookies, since we need to add "in_" in all places, where that cookie value is read via $this->Application->GetVar('cookie_get_name'); and we can't guess if we are retrieving cookie or not.
That's why I added code, that will delete cookie from all other domains in all cases, not only during installation.
This will work, since we are not setting cookie every day. |
|
|
|
(0002062)
|
|
Dmitry
|
|
2010-05-05 08:50
|
|
|
Seems to be working good, please commit |
|
|
|
(0002066)
|
|
alex
|
|
2010-05-05 11:26
|
|
Fix committed to 5.1.x branch. Commit Message:
Fixes 0000095: Support for Multi-Domain Installation |
|
|
|
(0002531)
|
|
alex
|
|
2010-07-22 15:06
|
|
|
Closing, since 5.1.0 release has been released. |
|