Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
subdomain control
#1

I have my installation setup as Login(THTinstallhere).domain.com

when and if the site is accessed from www.domain.com/login I get CSRF error when a client logs in. as well my register process does not allow for you to continue past ToS. Neither of these are a real issues except I want no lose ends that could cause a customer accessing the directory other than the sub-domain to feel that my site/services are less than par.

Way is the best way to go about this and I do realize this is not a THT issue as much as its a site issues but would love the get some feedback.

Thanks,

Elysia
Reply
#2
Why not just use htaccess to always redirect them to the subdomain? Or move the subdomain outside of public_html so that it cannot be accessed from the main domain? That's usually preferable.
Kevin Mark - TheHostingTool Lead Developer
Reply
#3
Then just redirect them to the subdomain. Even if they did get past the CSRF error, they would be eventually logged out because the cookie paths (if any) do not match, or the session would be considered invalid for that.
Remote Servers - Shared, Reseller & KVM Hosting Services
Reply
#4
When you create the subdomain specify a document root that is not in your public_html directory.
Woops. Just noticed kevin already suggested this. Yea... This is the simplest way.
[Image: sig.png]
Reply
#5
Essentially: /home/user/mysubdomain instead of /home/user/public_html/mysubdomain
Kevin Mark - TheHostingTool Lead Developer
Reply
#6
Indeed, what Kevin said. Mine look like this:

/home/nginx/domains/domain.com/public/
/home/nginx/domains/sub.domain.com/public/

For where their accessible content is stored.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)