sess_cookie_domain and domain level

Question

sess_cookie_domain and domain level

Opened this issue 4 years ago · 1 comments

When running imathas on our staging server (staging.xyzhomework.com), in order to have cookies specific to staging, it is recommended to specify in the config.php file:

$CFG['GEN']['domainlevel'] = -3;

But in init.php, the line that build the cookie domain prepends an unwanted dot:
$sess_cookie_domain = '.'.implode('.',array_slice($hostparts,isset($CFG['GEN']['domainlevel'])?$CFG['GEN']['domainlevel']:-2));
The extra dot (just before the implode call) is needed only when domainlevel=2, but results in an extra dot when domainlevel=3.

Answer 1 · 2020-02-08T17:28:49.000Z

The leading dot should be harmless. The cookie domain RFC says that when the domain starts with a leading dot, the cookie will be used for that domain and all subdomains. So if it sets the cookie as .staging.xyzhomework.com, that will work fine for the staging site, though it would also work for any sub-subdomains. Actually it sounds like the latest RFC actually says browsers should just ignore the leading dot.

Is that leading dot causing a problem?