Recent Topics

[Multi Domain] Cannot get cookies to persist across domains

Started by on Jul 08, 2016 – Contents updated: Jul 09, 2016

Jul 08, 2016 19:26    

I have a single install of b2evo 6.7.4-stable and am trying to setup multiple domains. I've also followed the conversation from this topic: http://forums.b2evolution.net/multidomain-users-not-logged-in-across-domains. I only viewed the corresponding manual page today, which is well after you cleaned it up (looks good!).

This is the setup I'm looking for:

site1.com: Acts as parent for all other collections, aggregating content from all blog collections to the front page, and providing a collection for static pages. This could be viewed as a php.net/manual/en/.

blog2.com: Acts very much like a category in that only items about a specific sub-subject of the main blog appear here. This would be like php.net/manual/en/langref.php.

blog3.com: Acts like blog2.com, but on a different subject, say php.net/manual/en/security.php.

So, I've followed the instructions provided for multiple domains and have them each working. When I login to site1.com/admin.php, I can administrate all collections (as owner) from there and have the evobar when browsing that domain's front office. But if I then go to view content on blog2.com, I am not logged in, no evobar, no edit links, etc. The same is true if I login to blog2.com/admin.php, I can admin all collections but am only recognized as logged in while viewing the front office blog2.com.

Furthermore, I am able to be logged into the same account on all domains, and can access site1.com/admin.php, blog2.com/admin.php, and so on without issues. But I have to login at each one of those.

I employ writers who have technical expertise ranging from none at all to "I know what ctrl+c does." So ease of use and simplicity are very important. Some writers may only write about security, so they only ever need to be logged in on blog3.com, while others may write about security and language syntax, and need full access to both blog2.com and blog3.com.

How can I make this stupidly easy for them?

Ideally, that means they can login on site1.com, write whatever they need in a variety of collections, and still be logged in when viewing the front office of blog1.com, blog2.com, and blog3.com, without having to login to each one? Basically, I need cookies set on site1.com to persist across blog2.com and blog3.com front offices.

I hope my examples help, but if they muddied the water, I'll go plain with it.

Thanks!

Jul 08, 2016 20:28

This is getting annoying... I type replies, press send, and it disappears.

Anyway, short version this time. The cookie being set on the above setup has two issues.

1) I've changed the instance name to ss, but the cookie still shows the default b2evo instance name on all domains. I've unset that instance name, realizing I don't need it in my single install setup, no changes.

2) The single underscore that's supposed to separate the instance name and domain in the cookie name is actually coming across as a double underscore. Doubled checked _advanced.php and it's only calling for 1 underscore.

Could any of that be causing the issue I'm experiencing with multiple domain use?

Jul 08, 2016 22:04

You are not experiencing an "issue" with multiple domains use. This is how cookies work: they are specific to a single domain. They cannot be shared between domains.

The php.net examples are not representative because they are all on the same domain: php.net !

What you are asking for is more like if I log in on php.net, I also want my cookies to be sent to microsoft.com and to apple.com.

For security reasons, all browsers restrict cookies to a single domain like xyz.com (sometimes they even require 3 parts in the domain, like xyz.co.uk).

What you want to do is beyond what cookies can do.


Regarding instance name: it should never be empty. B2evo is not designed to work without an instance name.

Jul 08, 2016 23:06

It's my understanding that b2e uses index.php in the root to route requests to specific controllers. If this is the case, it has access to all requests on the single root domain before the request is processed (which is where b2e outputs the destination domain). If I'm not mistaken (limited exp with their multi-domain setup), Bolt CM does exactly this with cookies.

So is that a limitation of cookies, or a limitation of b2e? (no offense intended)

Back to the instance name: what I enter should be represented in the cookie, then, should it not? If I enter an instance name of xyz, the cookie must start with session_xyz_, right? It's acting as if the instance name is hard-coded into the core somewhere (probably _advanced.php), in which case, why is the setting in the back office at all? And fyi, it's empty and the site is working as expected in all other areas. Further supports the setting isn't being used somehow. Maybe it's not supposed to? idk

Jul 08, 2016 23:31

All domains will call index.php indeed, but Your browser will not pass the cookies from one domain when calling another domain.

See http://b2evolution.net/man/troubleshooting-cookies for an example of looking at what cookies your browser is sending or not sending. You can see for yourself that your browser will not send the cookie from one domain to another domain.

Regarding the instance name, yes it is in the configurations files. It is NOT in the backoffice. What you set in the bakcoffice is NOT the instance name (you probably refer to the site code, which is a code that is only for visually identifying the backoffice when you are running a few dozens of b2evolution installs, as some of us do...)

Jul 08, 2016 23:35

THANK YOU! Yes, site code. My mistake.


Form is loading...

b2evolution – This forum is powered by b2evolution CMS, a complete engine for your website.