Commit e9e4a3a4 authored by Steven Wittens's avatar Steven Wittens
Browse files

#108663: Fix edge case for cookie domains (conform to RFC 2109)

parent 5790f436
...@@ -142,7 +142,11 @@ ...@@ -142,7 +142,11 @@
*/ */
if (isset($_SERVER['HTTP_HOST'])) { if (isset($_SERVER['HTTP_HOST'])) {
$domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']); $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
ini_set('session.cookie_domain', $domain); // Per RFC 2109, cookie domains must contain at least one dot other than the
// first. For hosts such as 'localhost', we don't set a cookie domain.
if (count(explode('.', $domain)) > 2) {
ini_set('session.cookie_domain', $domain);
}
} }
/** /**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment