Index: install/english.lang
===================================================================
--- install/english.lang (revision 13140)
+++ install/english.lang (working copy)
@@ -226,6 +226,7 @@
 RnJhbWVzIGluIGFkbWluaXN0cmF0aXZlIGNvbnNvbGUgYXJlIHJlc2l6YWJsZQ==
 TWluaW1hbCBTZWFyY2ggS2V5d29yZCBMZW5ndGg=
 U2Vzc2lvbiBTZWN1cml0eSBDaGVjayBiYXNlZCBvbiBCcm93c2VyIFNpZ25hdHVyZQ==
+ U2Vzc2lvbiBDb29raWUgRG9tYWlucyAoc2luZ2xlIGRvbWFpbiBwZXIgbGluZSk=
 U2Vzc2lvbiBTZWN1cml0eSBDaGVjayBiYXNlZCBvbiBJUA==
 V2Vic2l0ZSBTdWJ0aXRsZQ==
 VGltZSB6b25lIG9mIHRoZSBzaXRl
Index: install/install_data.sql
===================================================================
--- install/install_data.sql (revision 13151)
+++ install/install_data.sql (working copy)
@@ -78,6 +78,8 @@
 INSERT INTO ConfigurationValues VALUES (DEFAULT, 'CookieSessions', '2', 'In-Portal', 'in-portal:configure_advanced');
 INSERT INTO ConfigurationAdmin VALUES ('SessionCookieName', 'la_section_SettingsSession', 'la_prompt_session_cookie_name', 'text', '', '', 20.02, 0, 1);
 INSERT INTO ConfigurationValues VALUES (DEFAULT, 'SessionCookieName', 'sid', 'In-Portal', 'in-portal:configure_advanced');
+INSERT INTO ConfigurationAdmin VALUES ('SessionCookieDomains', 'la_section_SettingsSession', 'la_config_SessionCookieDomains', 'textarea', '', 'rows="5" cols="40"', 20.021, 0, 0);
+INSERT INTO ConfigurationValues VALUES (DEFAULT, 'SessionCookieDomains', '', 'In-Portal', 'in-portal:configure_advanced');
 INSERT INTO ConfigurationAdmin VALUES ('KeepSessionOnBrowserClose', 'la_section_SettingsSession', 'la_config_KeepSessionOnBrowserClose', 'checkbox', '', '', 20.03, 0, 0);
 INSERT INTO ConfigurationValues VALUES (DEFAULT, 'KeepSessionOnBrowserClose', '0', 'In-Portal', 'in-portal:configure_advanced');
 INSERT INTO ConfigurationAdmin VALUES ('SessionBrowserSignatureCheck', 'la_section_SettingsSession', 'la_config_SessionBrowserSignatureCheck', 'checkbox', NULL, NULL, 20.04, 0, 1);
Index: install/upgrades.sql
===================================================================
--- install/upgrades.sql (revision 13151)
+++ install/upgrades.sql (working copy)
@@ -1650,3 +1650,6 @@
 DELETE FROM Phrase WHERE Phrase LIKE 'la_event_%';
 DELETE FROM PersistantSessionData WHERE VariableName = 'phrases_columns_.';
+
+INSERT INTO ConfigurationAdmin VALUES ('SessionCookieDomains', 'la_section_SettingsSession', 'la_config_SessionCookieDomains', 'textarea', '', 'rows="5" cols="40"', 20.021, 0, 0);
+INSERT INTO ConfigurationValues VALUES (DEFAULT, 'SessionCookieDomains', '', 'In-Portal', 'in-portal:configure_advanced');
Index: kernel/session/session.php
===================================================================
--- kernel/session/session.php (revision 13128)
+++ kernel/session/session.php (working copy)
@@ -536,9 +536,55 @@
 */
 function SetCookieDomain($domain)
 {
- $this->CookieDomain = substr_count($domain, '.') ? '.'.ltrim($domain, '.') : false;
+ // 1. localhost or other like it without "." in domain name
+ if (!substr_count($domain, '.')) {
+ // don't use cookie domain at all
+ $this->CookieDomain = false;
+ return ;
+ }
+
+ // 2. match using predefined cookie domains from configuration
+ $cookie_domains = $this->Application->ConfigValue('SessionCookieDomains');
+
+ if ($cookie_domains) {
+ $cookie_domains = array_map('trim', explode("\n", $cookie_domains));
+
+ foreach ($cookie_domains as $cookie_domain) {
+ if (ltrim($cookie_domain, '.') == $domain) {
+ $this->CookieDomain = $cookie_domain; // as defined in configuration
+ return ;
+ }
+ }
+ }
+
+ // 3. only will execute, when none of domains were matched at previous step
+ $this->CookieDomain = $this->_autoGuessDomain($domain);
 }
+ /**
+ * Auto-guess cookie domain based on $_SERVER['HTTP_HOST']
+ *
+ * @param $domain
+ * @return string
+ */
+ function _autoGuessDomain($domain)
+ {
+ switch ( substr_count($domain, '.') ) {
+ case 2:
+ // 3rd level domain (3 parts)
+ return substr($domain, strpos($domain, '.')); // with leading "."
+ break;
+
+ case 1:
+ // 2rd level domain (2 parts)
+ return '.' . $domain; // with leading "."
+ break;
+ }
+
+ // more then 3rd level
+ return ltrim($domain, '.'); // without leading "."
+ }
+
 function SetGETName($get_name)
 {
 $this->GETName = $get_name;
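Review bot: `_autoGuessDomain()` widens the cookie scope in its `case 2` branch: for a three-label host it returns everything after the first label, where the removed line used `'.' . $domain`, so `app.example.com` (constructed example) now shares its session cookie with every sibling under `.example.com`, and a host directly under a two-label public suffix would be given the suffix itself. The configured list only overrides this when an entry equals the host exactly, because step 2 tests `ltrim($cookie_domain, '.') == $domain`, a loose and case-sensitive comparison that never matches a sub-domain of a configured entry. As the new docblock derives the value from `$_SERVER['HTTP_HOST']`, which comes from the request, I would match entries case-insensitively as the host or a parent of it and, once a list is configured, fall back to a host-only cookie (`false`) rather than guessing. If the guess has to stay for unlisted hosts, the setting's help text should say so.

```php
// … unchanged: step 1, hosts without "." get no cookie domain …

// 2. match using predefined cookie domains from configuration
$cookie_domains = $this->Application->ConfigValue('SessionCookieDomains');

if ($cookie_domains) {
	$host = strtolower($domain);

	foreach (array_map('trim', explode("\n", $cookie_domains)) as $cookie_domain) {
		$bare_domain = strtolower(ltrim($cookie_domain, '.'));

		if ($bare_domain === '') {
			continue; // empty line in the textarea
		}

		// the host itself, or a sub-domain of a configured domain
		if ($host === $bare_domain || substr($host, -strlen($bare_domain) - 1) === '.' . $bare_domain) {
			$this->CookieDomain = $cookie_domain; // as defined in configuration
			return ;
		}
	}

	// a list is configured, but this host is not on it -> host-only cookie
	$this->CookieDomain = false;
	return ;
}

// … unchanged: step 3, auto-guess when nothing is configured …
```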
@@ -702,6 +748,13 @@
 $this->Application->HttpQuery->Cookie[$name] = $value;
 }
+ $old_style_domain = defined('IS_INSTALL') && IS_INSTALL ? '.' . SERVER_NAME : $this->_autoGuessDomain(SERVER_NAME);
+
+ if ($this->CookieDomain != $old_style_domain) {
+ // new style cookie domain -> delete old style cookie to prevent infinite redirect
+ setcookie($name, $value, adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure);
+ }
+
 setcookie($name, $value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure);
 }
Index: kernel/utility/unit_config_reader.php
===================================================================
--- kernel/utility/unit_config_reader.php (revision 13128)
+++ kernel/utility/unit_config_reader.php (working copy)
@@ -81,6 +81,7 @@
 $config_vars = Array (
 'SessionTimeout',
 'SessionCookieName',
+ 'SessionCookieDomains',
 'SessionBrowserSignatureCheck',
 'SessionIPAddressCheck',
 'CookieSessions',
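Review bot: The expiry `setcookie()` added in the `@@ -702,6 +748,13 @@` hunk of kernel/session/session.php sends the live `$value` under the old-style domain; an expired cookie needs no payload, so `setcookie($name, '', adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure);` avoids emitting the session identifier a second time. `$this->CookieDomain != $old_style_domain` is a loose comparison against a property that SetCookieDomain can set to `false`; `!==` states the intent exactly. The branch also runs on every call for as long as the configured domain differs from the guess, so each response carries an extra Set-Cookie header per cookie, and a comment saying whether that is meant to be permanent would help. The enclosing function starts above the hunk.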