#108663: Fix edge case for cookie domains (conform to RFC 2109)

author: Steven Wittens <steven@10.no-reply.drupal.org> 2007-01-14 02:05:15 +0000
committer: Steven Wittens <steven@10.no-reply.drupal.org> 2007-01-14 02:05:15 +0000
commit: e9e4a3a44614125b0a576740fb1894fc1fc07417 (patch)
tree: 02625d64a3502eda7e0ee16ac1597261842eba80 /sites
parent: 5790f43620b55ea9338092252fc2c93e639e3d54 (diff)
download: brdo-e9e4a3a44614125b0a576740fb1894fc1fc07417.tar.gz
brdo-e9e4a3a44614125b0a576740fb1894fc1fc07417.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/sites/default/settings.php b/sites/default/settings.php
index 89d3de362..a6cbd050b 100644
--- a/sites/default/settings.php
+++ b/sites/default/settings.php
@@ -142,7 +142,11 @@ ini_set('url_rewriter.tags',        '');
  */
 if (isset($_SERVER['HTTP_HOST'])) {
   $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
-  ini_set('session.cookie_domain', $domain);
+  // Per RFC 2109, cookie domains must contain at least one dot other than the
+  // first. For hosts such as 'localhost', we don't set a cookie domain.
+  if (count(explode('.', $domain)) > 2) {
+    ini_set('session.cookie_domain', $domain);
+  }
 }
 
 /**
author	Steven Wittens <steven@10.no-reply.drupal.org>	2007-01-14 02:05:15 +0000
committer	Steven Wittens <steven@10.no-reply.drupal.org>	2007-01-14 02:05:15 +0000
commit	e9e4a3a44614125b0a576740fb1894fc1fc07417 (patch)
tree	02625d64a3502eda7e0ee16ac1597261842eba80 /sites
parent	5790f43620b55ea9338092252fc2c93e639e3d54 (diff)
download	brdo-e9e4a3a44614125b0a576740fb1894fc1fc07417.tar.gz brdo-e9e4a3a44614125b0a576740fb1894fc1fc07417.tar.bz2