Index: install/english.lang
===================================================================
--- install/english.lang (revision 13470)
+++ install/english.lang (working copy)
@@ -250,6 +250,7 @@
RnJhbWVzIGluIGFkbWluaXN0cmF0aXZlIGNvbnNvbGUgYXJlIHJlc2l6YWJsZQ==
TWluaW1hbCBTZWFyY2ggS2V5d29yZCBMZW5ndGg=
U2Vzc2lvbiBTZWN1cml0eSBDaGVjayBiYXNlZCBvbiBCcm93c2VyIFNpZ25hdHVyZQ==
+ U2Vzc2lvbiBDb29raWUgRG9tYWlucyAoc2luZ2xlIGRvbWFpbiBwZXIgbGluZSk=
U2Vzc2lvbiBTZWN1cml0eSBDaGVjayBiYXNlZCBvbiBJUA==
V2Vic2l0ZSBTdWJ0aXRsZQ==
VGltZSB6b25lIG9mIHRoZSBzaXRl
Index: install/install_data.sql
===================================================================
--- install/install_data.sql (revision 13476)
+++ install/install_data.sql (working copy)
@@ -43,6 +43,7 @@
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'UseVisitorTracking', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsWebsite', 'la_config_UseVisitorTracking', 'checkbox', '', '', 10.09, 0, 0, NULL);
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'CookieSessions', '2', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_prompt_session_management', 'select', NULL, '0=lu_opt_QueryString||1=lu_opt_Cookies||2=lu_opt_AutoDetect', 20.01, 0, 1, NULL);
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'SessionCookieName', 'sid', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_prompt_session_cookie_name', 'text', '', '', 20.02, 0, 1, NULL);
+INSERT INTO ConfigurationValues VALUES(DEFAULT, 'SessionCookieDomains', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_config_SessionCookieDomains', 'textarea', '', 'rows="5" cols="40"', 20.021, 0, 0, NULL);
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'KeepSessionOnBrowserClose', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_config_KeepSessionOnBrowserClose', 'checkbox', '', '', 20.03, 0, 0, NULL);
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'SessionBrowserSignatureCheck', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_config_SessionBrowserSignatureCheck', 'checkbox', NULL, NULL, 20.04, 0, 1, NULL);
INSERT INTO ConfigurationValues VALUES(DEFAULT, 'SessionIPAddressCheck', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_config_SessionIPAddressCheck', 'checkbox', NULL, NULL, 20.05, 0, 1, NULL);
Index: install/upgrades.sql
===================================================================
--- install/upgrades.sql (revision 13476)
+++ install/upgrades.sql (working copy)
@@ -1810,3 +1810,5 @@
UPDATE Phrase
SET l<%PRIMARY_LANGUAGE%>_Translation = 'Enable SEO-friendly URLs mode (MOD-REWRITE)'
WHERE Phrase = 'la_config_use_modrewrite' AND l<%PRIMARY_LANGUAGE%>_Translation = 'Use MOD REWRITE';
+
+INSERT INTO ConfigurationValues VALUES(DEFAULT, 'SessionCookieDomains', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSession', 'la_config_SessionCookieDomains', 'textarea', '', 'rows="5" cols="40"', 20.021, 0, 0, NULL);
Index: kernel/session/session.php
===================================================================
--- kernel/session/session.php (revision 13462)
+++ kernel/session/session.php (working copy)
@@ -549,9 +549,63 @@
*/
function SetCookieDomain($domain)
{
- $this->CookieDomain = substr_count($domain, '.') ? '.'.ltrim($domain, '.') : false;
+ // 1. localhost or other like it without "." in domain name
+ if (!substr_count($domain, '.')) {
+ // don't use cookie domain at all
+ $this->CookieDomain = false;
+ return ;
+ }
+
+ // 2. match using predefined cookie domains from configuration
+ $cookie_domains = $this->Application->ConfigValue('SessionCookieDomains');
+
+ if ($cookie_domains) {
+ $cookie_domains = array_map('trim', explode("\n", $cookie_domains));
+
+ foreach ($cookie_domains as $cookie_domain) {
+ if (ltrim($cookie_domain, '.') == $domain) {
+ $this->CookieDomain = $cookie_domain; // as defined in configuration
+ return ;
+ }
+ }
+ }
+
+ // 3. only will execute, when none of domains were matched at previous step
+ $this->CookieDomain = $this->_autoGuessDomain($domain);
}
+ /**
+ * Auto-guess cookie domain based on $_SERVER['HTTP_HOST']
+ *
+ * @param $domain
+ * @return string
+ */
+ function _autoGuessDomain($domain)
+ {
+ static $cache = Array ();
+
+ if (!array_key_exists($domain, $cache)) {
+ switch ( substr_count($domain, '.') ) {
+ case 2:
+ // 3rd level domain (3 parts)
+ $cache[$domain] = substr($domain, strpos($domain, '.')); // with leading "."
+ break;
+
+ case 1:
+ // 2rd level domain (2 parts)
+ $cache[$domain] = '.' . $domain; // with leading "."
+ break;
+
+ default:
+ // more then 3rd level
+ $cache[$domain] = ltrim($domain, '.'); // without leading "."
+ break;
+ }
+ }
+
+ return $cache[$domain];
+ }
+
function SetGETName($get_name)
{
$this->GETName = $get_name;
@@ -715,6 +769,21 @@
$this->Application->HttpQuery->Cookie[$name] = $value;
}
+ $old_style_domains = Array (
+ // domain like in pre 5.1.0 versions
+ '.' . SERVER_NAME,
+
+ // auto-guessed domain (when user specified other domain in configuration variable)
+ $this->_autoGuessDomain(SERVER_NAME)
+ );
+
+ foreach ($old_style_domains as $old_style_domain) {
+ if ($this->CookieDomain != $old_style_domain) {
+ // new style cookie domain -> delete old style cookie to prevent infinite redirect
+ setcookie($name, $value, adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure);
+ }
+ }
+
setcookie($name, $value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure);
}
Index: kernel/utility/unit_config_reader.php
===================================================================
--- kernel/utility/unit_config_reader.php (revision 13473)
+++ kernel/utility/unit_config_reader.php (working copy)
@@ -82,6 +82,7 @@
// session related
'SessionTimeout',
'SessionCookieName',
+ 'SessionCookieDomains',
'SessionBrowserSignatureCheck',
'SessionIPAddressCheck',
'CookieSessions',