1 files changed, 5 insertions, 1 deletions

diff --git a/sites/default/settings.php b/sites/default/settings.php
index 89d3de362..a6cbd050b 100644
--- a/sites/default/settings.php
+++ b/sites/default/settings.php
@@ -142,7 +142,11 @@ ini_set('url_rewriter.tags',        '');
  */
 if (isset($_SERVER['HTTP_HOST'])) {
   $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
-  ini_set('session.cookie_domain', $domain);
+  // Per RFC 2109, cookie domains must contain at least one dot other than the
+  // first. For hosts such as 'localhost', we don't set a cookie domain.
+  if (count(explode('.', $domain)) > 2) {
+    ini_set('session.cookie_domain', $domain);
+  }
 }
 
 /**