- Patch #117917 by chx, greg, webchick et al: fix problems with the automatic domain extraction -- prevents users from logging in.

1 files changed, 12 insertions, 2 deletions

diff --git a/sites/default/settings.php b/sites/default/settings.php
index a6cbd050b..8ab4c142b 100644
--- a/sites/default/settings.php
+++ b/sites/default/settings.php
@@ -137,8 +137,7 @@ ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
 
 /**
- * We try to set the correct cookie domain. If you are experiencing problems
- * try commenting out the code below or specifying the cookie domain by hand.
+ * We try to set the correct cookie domain.
  */
 if (isset($_SERVER['HTTP_HOST'])) {
   $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
@@ -150,6 +149,17 @@ if (isset($_SERVER['HTTP_HOST'])) {
 }
 
 /**
+ * On some sites, multiple domains or subdomains may point to the same site.
+ * For instance, example.com may redirect to foo.example.com. In that case,
+ * the browser may confuse the cookies between the two domains, resulting in
+ * an inability to log in. In that case, uncomment the line below and set
+ * it to the more generic domain name. For instance, .example.com is more
+ * generic than .foo.example.com. Remember the leading period on the domain
+ * name, even if you wouldn't type it in your browser.
+ */
+#ini_set('session.cookie_domain', '.example.com');
+
+/**
  * Variable overrides:
  *
  * To override specific entries in the 'variable' table for this site,