PHP session's cookie domain + port
A for , submitted by dushakov on 27 April 2010
Announcement
Symphony's issue tracker has been moved to Github.
Issues are displayed here for reference only and cannot be created or edited.
Browse
Closed#309: PHP session's cookie domain + port
-
-
- dushakov
- Comment #1
- 27 Apr 10, 5:42 am
-
-
- Alistair
- Comment #2
- 29 Apr 10, 3:43 pm
This issue is closed.
PHP’s setcookie, sessionsetcookie_params, etc shouldn’t include port in the cookie domain parameter, since this would not be recognized correctly. Issue can be found with projects on multiple servers, when cookie will be rejected due to different ports on servers.
According to http://www.faqs.org/rfcs/rfc2965.html, set-cookie2 function supports the port parameter. However, i’m not sure about it’s current implementation in PHP, despite some patches in dev’s branch.
It would be good if symphony handled this either by using some set-cookie2 implementation or stripping it from the domain per some symphony configuration option at least.
Currently, in class.session.php, line 83, following code adds port to cookie domain parameter: $domain .= ‘:’ . $parsed[‘port’]. Simple commenting this code resolves the problem.