Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sess_cookie_domain and domain level #156

Open
saiena opened this issue Feb 6, 2020 · 1 comment
Open

sess_cookie_domain and domain level #156

saiena opened this issue Feb 6, 2020 · 1 comment

Comments

@saiena
Copy link
Contributor

saiena commented Feb 6, 2020

When running imathas on our staging server (staging.xyzhomework.com), in order to have cookies specific to staging, it is recommended to specify in the config.php file:

$CFG['GEN']['domainlevel'] = -3;

But in init.php, the line that build the cookie domain prepends an unwanted dot:
$sess_cookie_domain = '.'.implode('.',array_slice($hostparts,isset($CFG['GEN']['domainlevel'])?$CFG['GEN']['domainlevel']:-2));
The extra dot (just before the implode call) is needed only when domainlevel=2, but results in an extra dot when domainlevel=3.
@drlippman
Copy link
Owner

The leading dot should be harmless. The cookie domain RFC says that when the domain starts with a leading dot, the cookie will be used for that domain and all subdomains. So if it sets the cookie as .staging.xyzhomework.com, that will work fine for the staging site, though it would also work for any sub-subdomains. Actually it sounds like the latest RFC actually says browsers should just ignore the leading dot.

Is that leading dot causing a problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drlippman @saiena