Threaded Mode | Linear Mode

elysia · 12-06-2011, 04:59 PM

I have my installation setup as Login(THTinstallhere).domain.com

when and if the site is accessed from http://www.domain.com/login I get CSRF error when a client logs in. as well my register process does not allow for you to continue past ToS. Neither of these are a real issues except I want no lose ends that could cause a customer accessing the directory other than the sub-domain to feel that my site/services are less than par.

Way is the best way to go about this and I do realize this is not a THT issue as much as its a site issues but would love the get some feedback.

Thanks,

Elysia

***Kevin*** · 12-06-2011, 09:50 PM

Why not just use htaccess to always redirect them to the subdomain? Or move the subdomain outside of public_html so that it cannot be accessed from the main domain? That's usually preferable.

Liam D. · 12-06-2011, 10:40 PM

Then just redirect them to the subdomain. Even if they did get past the CSRF error, they would be eventually logged out because the cookie paths (if any) do not match, or the session would be considered invalid for that.

**zzbomb** · (This post was last modified: 12-07-2011 12:00 AM by zzbomb.)

When you create the subdomain specify a document root that is not in your public_html directory.
Woops. Just noticed kevin already suggested this. Yea... This is the simplest way.

***Kevin*** · 12-07-2011, 01:31 AM

Essentially: /home/user/mysubdomain instead of /home/user/public_html/mysubdomain

Days · (This post was last modified: 12-07-2011 02:05 AM by Days.)

Indeed, what Kevin said. Mine look like this:

/home/nginx/domains/domain.com/public/
/home/nginx/domains/sub.domain.com/public/

For where their accessible content is stored.