I am currently trying to configure an eZ Publish Platform (5.0 with legacy kernel 2012.12). We have one backend siteaccess, and two frontend siteaccesses, as follows :
- xxx_admin : admin.xxx.dev
- xxx_fre_fr : fr.xxx.dev
- xxx_eng_gb : www.xxx.dev
I would like the cookies to be shared between all siteaccesses. In my legacy settings/override/site.ini.append.php, I have :
Now, I cannot log in to the back office. When I try logging in, with the right username and password, the URL in Firefox changes to : /content/dashboard, but I still see the login form. I know that my identifiers are valid, because if I type invalid ones, I see the warning box (the one with the orange border). I just have to comment the CookieDomain line in the .ini file for the back office access to be operational again.
It took me a while to understand what was going on. But as usual, Firebug gave me a helpful hand. Having deleted all cookies for the domain .xxx.dev :
- I go to admin.xxx.dev : the login form is displayed. A cookie (cookie #1) is set for the domain .xxx.dev (the one set in CookieDomain).
- I type my identification informations and click the "Log in" button. A redirection is made to /content/dashboard, but the login form is still displayed. Firebug tells me that another cookie (cookie #2) has been created... for admin.xxx.dev, which is the subdomain I am on!
I attached an image to illustrate that. Both cookies are created with the same name, so I guess that the one taken into account has 1 out of 2 chances to be the right one?
If I comment the CookieDomain line, the domain for both the cookie #1 and cookie #2 is admin.xxx.dev. And this time, it works. Another cookie "is_logged" is created as well. It is as if the login controller did not take into account the CookieDomain setting.
It looks like an issue to me. What do you think?