Posts: 2,063
Threads: 90
Joined: Nov 2008
Reputation:
14
Why not just use htaccess to always redirect them to the subdomain? Or move the subdomain outside of public_html so that it cannot be accessed from the main domain? That's usually preferable.
Posts: 198
Threads: 12
Joined: Oct 2011
Reputation:
11
Then just redirect them to the subdomain. Even if they did get past the CSRF error, they would be eventually logged out because the cookie paths (if any) do not match, or the session would be considered invalid for that.
Posts: 323
Threads: 23
Joined: Nov 2009
Reputation:
3
12-07-2011, 12:00 AM
(This post was last modified: 12-07-2011, 12:00 AM by zzbomb.)
When you create the subdomain specify a document root that is not in your public_html directory.
Woops. Just noticed kevin already suggested this. Yea... This is the simplest way.
Posts: 2,063
Threads: 90
Joined: Nov 2008
Reputation:
14
Essentially: /home/user/mysubdomain instead of /home/user/public_html/mysubdomain
Posts: 12
Threads: 1
Joined: Dec 2011
Reputation:
2
12-07-2011, 02:04 AM
(This post was last modified: 12-07-2011, 02:05 AM by Days.)
Indeed, what Kevin said. Mine look like this:
/home/nginx/domains/domain.com/public/
/home/nginx/domains/sub.domain.com/public/
For where their accessible content is stored.