Commit 555b7606 authored by Richard Mansfield's avatar Richard Mansfield

Always use wwwroot to generate the cookie domain (bug #1006634)

When user subdomain urls are enabled, parts of the site are at
subdomains under wwwroot, and we need to ensure that cookies are set
with the main site domain to ensure users stay logged in when they go
to profile pages.

Change-Id: I8c8ac4e01078ff926ade7d28ff8d15566d3391e1
parent aab46e2b
......@@ -36,6 +36,9 @@ ini_set('session.gc_divisor', 1000);
// Session timeout is stored in minutes in the database
ini_set('session.gc_maxlifetime', get_config('session_timeout') * 60);
ini_set('session.use_only_cookies', true);
if ($domain = get_config('cookiedomain')) {
ini_set('session.cookie_domain', $domain);
}
ini_set('session.cookie_path', get_mahara_install_subdirectory());
ini_set('session.cookie_httponly', 1);
ini_set('session.hash_bits_per_character', 4);
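Review bot: The session cookie is now scoped to the whole cookie domain, but the visible lines set only `session.cookie_httponly` and not `session.cookie_secure`, so on an HTTPS site the cookie can still be sent over plain HTTP to any subdomain. The same applies to `set_cookie()` in the last hunk, which passes a literal `false` as the secure argument of `setcookie()`. If the flag is not set elsewhere in this file, consider `ini_set('session.cookie_secure', parse_url(get_config('wwwroot'), PHP_URL_SCHEME) === 'https');` and passing the same boolean to `setcookie()`.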
......
......@@ -211,6 +211,13 @@ if (isset($CFG->wwwroot)) {
}
}
// If we have cleanurl subdomains turned on, we need to set cookiedomain
// to ensure cookies are given back to us in all subdomains
if (isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {
$url = parse_url(get_config('wwwroot'));
$CFG->cookiedomain = '.' . $url['host'];
}
// If we're forcing an ssl proxy, make sure the wwwroot is correct
if ($CFG->sslproxy == true && parse_url($CFG->wwwroot, PHP_URL_SCHEME) !== 'https') {
throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
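Review bot: The new guard tests `isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains)`, which is also true when either option is explicitly set to `false`, so the cookie domain would be widened to every subdomain even with the feature switched off. Because a wider domain hands the session cookie to every host under the wwwroot domain, the condition should test the values, e.g. `if (!empty($CFG->cleanurls) && !empty($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {`. `$url['host']` is also read without checking that `parse_url()` succeeded and returned a host. A short comment that wwwroot must be a hostname rather than an IP address or single-label name for the leading-dot domain to be accepted by browsers would help.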
......
......@@ -1440,7 +1440,10 @@ function get_cookies($prefix) {
function set_cookie($name, $value='', $expires=0, $access=false) {
$name = get_config('cookieprefix') . $name;
$url = parse_url(get_config('wwwroot'));
setcookie($name, $value, $expires, $url['path'], $url['host'], false, true);
if (!$domain = get_config('cookiedomain')) {
$domain = $url['host'];
}
setcookie($name, $value, $expires, $url['path'], $domain, false, true);
if ($access) { // View access cookies may be needed on this request
$_COOKIE[$name] = $value;
}
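Review bot: `set_cookie()` now passes the configured `cookiedomain` straight to `setcookie()`, and nothing in the hunk documents that the value has to be the wwwroot host or a parent of it. Browsers discard a cookie whose Domain does not cover the responding host, and because `$_COOKIE[$name]` is still filled in for the current request, such a misconfiguration would probably only show up on the next page load. I would add a comment above the fallback such as `// cookiedomain must equal the wwwroot host or be a parent domain of it, otherwise the browser drops the cookie`. The function body continues past the end of the hunk.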
......