nette/http

Session - cookie domain and path auto configuration

Closed this issue · 9 comments

mabar commented

In nette 2.4 it was possible to auto-configure session domain and path from current request. With deprecated support for ? in config it is no longer possible to do.

session:
    cookieDomain: '?->getUrl()->getDomain(2)'(@Nette\Http\IRequest)
    cookiePath: '?->getUrl()->getBasePath()'(@Nette\Http\IRequest)

Suggested solution:
Add values domain and subdomain for cookieDomain and auto for cookiePath

Naming for cookieDomain should be discussed - possible behaviors are - subdomain specific (foo.example.com), whole domain (*.example.com) and maybe also domain only, without subdomains? (example.com)

auto value for cookiePath can be potentially colliding with requirement for auto as a static base path - but I don't see a real, problematic use-case, which would need it.

I can send PR, if you agree with that feature.

dg commented

ad domain: This is very problematic because example.co.uk is not a subdomain. So I would leave it to the user to specify the domain name exactly.

ad path: hmmm, I am not sure what to imagine under auto. What about basePath or something similar?

mabar commented

I see, getDomain() splits domain by number of levels. But it should be possible to split domain into individual parts (TLD, SLD and lower levels) properly. So getDomain(Url::(DOMAIN_FULL|DOMAIN_TLD|DOMAIN_SLD|DOMAIN_NO_SUBDOMAIN)), what do you think? Constants would have high numbers to prevent collision with current behavior.

I agree with basePath

dg commented

Programming of DOMAIN_NO_SUBDOMAIN is so complex that I don't want to go into it at all. DOMAIN_TLD|DOMAIN_SLD makes sense, but it would be programming of something you don't need yourself, right?

mabar commented

I understand it's a complex code which needs a lot of maintenance with relatively low added value. So I can implement it in my code then. Found a nice TLDExtract library which solves it

Just to be sure - variables in nette routing also don't work with .co.uk format, right? https://github.com/nette/routing/blob/v3.0.0/src/Routing/Route.php#L107-L114

dg commented

Yes, it's right.

mabar commented

Okay. Feel free to close if you don't want to solve this problem in Nette.

dg commented

I don't want to solve issue with domain, but basePath is fine.

mabar commented

I just checked SessionExtension and unwanted domain option is already implemented 🤔

mabar commented

Found better to have that kind of configuration separate for every installation. Thanks for your suggestions
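
The level-based split discussed in this thread, next to a suffix-aware lookup, as an added example that is not part of the issue or of Nette's code. `domainByLevel()` and `registrableDomain()` are hypothetical helpers, and the suffix list is a constructed excerpt, not the real Public Suffix List.

```php
<?php
declare(strict_types=1);

// Constructed excerpt of public suffixes. A real deployment would load the
// full Public Suffix List; its wildcard and exception rules are not handled here.
const SAMPLE_SUFFIXES = ['com', 'cz', 'uk', 'co.uk'];

// Stand-in for a level-based split: keep the last $level labels of the host.
function domainByLevel(string $host, int $level = 2): string
{
    return implode('.', array_slice(explode('.', $host), -$level));
}

// Longest matching public suffix plus one label. Returns null when the host
// is itself a public suffix or ends in no known suffix, in which case the
// cookie Domain attribute is best left unset (host-only cookie).
function registrableDomain(string $host, array $suffixes): ?string
{
    $labels = explode('.', strtolower(rtrim($host, '.')));
    if (in_array(implode('.', $labels), $suffixes, true)) {
        return null; // e.g. "co.uk": nothing registrable in front of the suffix
    }
    // Scan from the longest candidate suffix to the shortest; index 1 keeps
    // at least one label in front of the suffix.
    for ($i = 1, $n = count($labels); $i < $n; $i++) {
        if (in_array(implode('.', array_slice($labels, $i)), $suffixes, true)) {
            return implode('.', array_slice($labels, $i - 1));
        }
    }
    return null;
}

// Constructed hosts. For the .co.uk host the level-based split yields the
// public suffix itself, a Domain value that browsers refuse for cookies.
foreach (['foo.example.com', 'shop.example.co.uk', 'co.uk', 'localhost'] as $host) {
    printf(
        "%-20s level-2: %-12s suffix-aware: %s\n",
        $host,
        domainByLevel($host),
        registrableDomain($host, SAMPLE_SUFFIXES) ?? '(host-only cookie)'
    );
}
```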