View Issue Details

IDProjectCategoryView StatusLast Update
0001159OXID eShop (all versions)1. ----- eShop frontend -----public2012-12-10 14:38
ReporterMoehlis Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.1.3 revision 19918 
Fixed in Version4.1.6 revision 22740 
Summary0001159: cookie domain not set
Descriptionwhen setting cookies, the shop always sets "/" as cookie domain. in most cases this works fine but as example if you have multiple shops in multiple directories on the same domain, you can only log in one shop at the time.
TagsNo tags attached.
Theme
BrowserOpera
PHP Version5.2.6
Database Version5.0.33

Activities

arvydas_vapsva

2009-08-19 10:27

reporter   ~0001440

Reminder sent to: Moehlis

Can you give an example how you setup your shop .htaccess file or something? thnx

Moehlis

2009-08-20 11:11

reporter   ~0001466

.htaccess file is oxid standard:

<IfModule mod_rewrite.c>

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_URI} !(\/core\/|\/export\/|\/modules\/|\/out\/|\/setup\/|\/tmp\/|\/views\/)
RewriteRule admin/test\.php$ admin/test.php?mod_rewrite=1

RewriteCond %{REQUEST_URI} !(\/admin\/|\/core\/|\/export\/|\/modules\/|\/out\/|\/setup\/|\/tmp\/|\/views\/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !(\.html|\/|\.jpg|\.css|\.pdf|\.doc|\.gif|\.png|\.js)$ %{REQUEST_URI}/ [R=301,L]

RewriteCond %{REQUEST_URI} !(\/admin\/|\/core\/|\/export\/|\/modules\/|\/out\/|\/setup\/|\/tmp\/|\/views\/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (\.html|\/)$ oxseo.php


</IfModule>

Options -Indexes




in the root dir is an adittionali .htaccess file:

Options +Indexes

Moehlis

2009-08-20 11:16

reporter   ~0001467

directories are:
/oxid/
/oxid/ce413/
/oxid/pe413/
/oxid/ee413/


its just the case that the directory restriction is not set, so every shop can access the others shop cookies

arvydas_vapsva

2009-08-20 14:55

reporter   ~0001470

Reminder sent to: Moehlis

you have different shop versions in subfolders and want that if you login e.g. to CE you are logged in to EE or PE either?

Moehlis

2009-08-24 16:28

reporter   ~0001502

Last edited: 2009-08-24 16:29

i just installed v 4.1.4 and reproduce it with this version

here is the scenario:

- we have 2 shops (maybe two ce, or, ce and pe, it doesnt matter)
- both shops have the same administrator username/password
- we log into shop A with the user "[email protected]"
- now we log into shop B with the "admin" user
- unfortunately we are now logged in with admin user in BOTH shops

this time i testet in mozilla, so its no browser problem, its just the cookiedomain that is not set.

arvydas_vapsva

2009-08-24 17:07

reporter   ~0001504

i'm a bit confused - now you write - "unfortunately we are now logged in with admin user in BOTH shops", and previously you wrote "you can only log in one shop at the time"..

Anyway you can setup cookies according to your needs by writing a module for oxUtilsServer::_getCookiePath() method (so you can override current "/" to your folders).

In next release we will include possibility to define config parameter like it is now in oxUtilsServer::_getCookieDomain()

arvydas_vapsva

2009-08-24 17:20

reporter   ~0001505

Added possibility to define path on the server in which the cookie will be available on; parameter in config.inc.php should be added:

        $this->sCookiePath = '/dev/urandom';

Please check php documentation for details about possible this parameter values.