Commit e9e4a3a4 authored by Steven Wittens's avatar Steven Wittens
Browse files

#108663: Fix edge case for cookie domains (conform to RFC 2109)

parent 5790f436
......@@ -142,7 +142,11 @@
*/
if (isset($_SERVER['HTTP_HOST'])) {
$domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
// Per RFC 2109, cookie domains must contain at least one dot other than the
// first. For hosts such as 'localhost', we don't set a cookie domain.
if (count(explode('.', $domain)) > 2) {
ini_set('session.cookie_domain', $domain);
}
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment