In phpBB 3.0.2's changelog, the following line bothers me:
- [Change] Don't allow redirects to different domains. (thanks nookieman)
My forum is a subdomain, forums.mysite.com. On www.
mysite.com, I have a login box, which has a post action taking the user to forums.mysite.com (to log in), and then back to www.
mysite.com using the login redirect feature (to the last visited page). My cookie settings are set to allow every subdomain under .mysite.com, so the user will stay logged in at forums.mysite.com, www.
mysite.com and something.mysite.com. However, will the login redirect still work for www.
mysite.com, which is technically another domain than forums.mysite.com?