Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to run more than one Vanilla installations on one domain?

The plan is to have at least two instances of Vanilla running on the same domain, let's say

In my current setup I have the production forum running at the root of the domain, and a test installation in a sub-domain (http://second.example.tld/). The phenomenon I'm experiencing is that if I am logged in at the production forum, and I visit the test forum I'm automatically logged in there as well, and I can not log out at the test forum as long as I am logged in at the production forum. When I log out from the production forum, I am automatically logged out at the test forum as well.

This surely has something to do with the cookie setup, which looks as follows:

Production Forum:

$Configuration['Garden']['Cookie']['Salt'] = 'SameSalt';
$Configuration['Garden']['Cookie']['Name'] = 'NameOfSite';
$Configuration['Garden']['Cookie']['Domain'] = '.example.tld';

Test Forum:

$Configuration['Garden']['Cookie']['Salt'] = 'SameSalt';
$Configuration['Garden']['Cookie']['Name'] = 'NameOfSite';
$Configuration['Garden']['Cookie']['Domain'] = '.second.example.tld';

Both instances have the same Salt and Name (because the test forum is just a copy of the production forum), so only the Domain part is different.

Is it the salt or name or both that has to be changed to stop the described behavior?

In my intended production setup with a second forum installation in a sub-folder the ['Cookie']['Domain'] will be the same for both installation. Will that be a problem?

The behavior of being logged in automatically in all instances on the same domain could also be beneficial, if a member wants to participate in more than one instance (which of course he has to be registered to, the forums are running on different databases). Can this configuration (whatever part of the cookie settings is responsible for it) cause any (other) problems?

With two forums, is it somehow possible to share or sync the members table of the database, so that a user only has to register to one of the two forums and have member access at the other automatically as well?

Comments

  • Yep you can't have the same salt or you will share session, which will cause security issue where, the UserID are out of step.

    Why would want the same salt? I would also make the Cookie name unique, as that is what will be used to delete the session.

    grep is your friend.

  • Yes, didn't think of the salt when copying the production setup to the test setup.

    Well then I make salt and name unique for each installation, and domain can have the same entry when having the Vanilla instances run in sub-directories under the same domain?

    I'm not quite sure what the dot in front of the domain name is for.

  • Yes change the cookie name and salt,

    the dot main that the cookie will include all sub-domains such as www or forum

    grep is your friend.

Sign In or Register to comment.