Commit b93ce19a authored by Dries's avatar Dries

- Patch #56357 by John Albin, alienbrain, moshe, etc: fixed more cookie domain problems.

parent 24870347
......@@ -256,13 +256,14 @@ function drupal_unset_globals() {
}
/**
* Loads the configuration and sets the base URL correctly.
* Loads the configuration and sets the base URL, cookie domain, and
* session name correctly.
*/
function conf_init() {
global $base_url, $base_path, $base_root;
// Export the following settings.php variables to the global namespace
global $db_url, $db_prefix, $conf, $installed_profile;
global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
$conf = array();
include_once './'. conf_path() .'/settings.php';
......@@ -290,6 +291,31 @@ function conf_init() {
$base_path = '/';
}
}
if ($cookie_domain) {
// If the user specifies the cookie domain, also use it for session name.
$session_name = $cookie_domain;
}
else {
// Otherwise use $base_url for session name.
$session_name = $base_url;
// We try to set the cookie domain to the hostname.
if (!empty($_SERVER['HTTP_HOST'])) {
$cookie_domain = $_SERVER['HTTP_HOST'];
}
}
// Strip leading periods, www., and port numbers from cookie domain.
$cookie_domain = ltrim($cookie_domain, '.');
if (strpos($cookie_domain, 'www.') === 0) {
$cookie_domain = substr($cookie_domain, 4);
}
$cookie_domain = '.'. array_shift(explode(':', $cookie_domain));
// Per RFC 2109, cookie domains must contain at least one dot other than the
// first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
ini_set('session.cookie_domain', $cookie_domain);
}
session_name('SESS'. md5($session_name));
}
/**
......
......@@ -137,27 +137,15 @@
ini_set('url_rewriter.tags', '');
/**
* We try to set the correct cookie domain.
*/
if (isset($_SERVER['HTTP_HOST'])) {
$domain = '.'. preg_replace('`^www\.`', '', $_SERVER['HTTP_HOST']);
// Per RFC 2109, cookie domains must contain at least one dot other than the
// first. For hosts such as 'localhost', we don't set a cookie domain.
if (count(explode('.', $domain)) > 2) {
ini_set('session.cookie_domain', $domain);
}
}
* Drupal automatically generates a unique session cookie name for each site
* based on on its full domain name. If you have multiple domains pointing at
* the same Drupal site, you can either redirect them all to a single
* domain (see comment in .htaccess), or uncomment the line below and specify
* their shared base domain. Doing so assures that users remain logged in as they
* cross between your various domains.
*/
/**
* On some sites, multiple domains or subdomains may point to the same site.
* For instance, example.com may redirect to foo.example.com. In that case,
* the browser may confuse the cookies between the two domains, resulting in
* an inability to log in. In that case, uncomment the line below and set
* it to the more generic domain name. For instance, .example.com is more
* generic than .foo.example.com. Remember the leading period on the domain
* name, even if you wouldn't type it in your browser.
*/
#ini_set('session.cookie_domain', '.example.com');
#$cookie_domain = 'example.com';
/**
* Variable overrides:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment