Hello,
Drupal seems to keep a different set of cookies for each subdomain. For example, it is possible to be logged in as User_1 in http://foo.org and at the same time, on the same browser, to be logged in as User_2 in http://www.foo.org
I figure that this is because Drupal's cookies are different for foo.org and www.foo.org
I've had complaints from users that they log in as one user and magically they appear as a different user. I'm thinking that perhaps this url/cookie issue is the root problem.
Is there a way to tell Drupal to use a single set of cookies for all domains? If I recall correctly, if you set the cookie domain to .foo.org (notice the '.' at the beginning) the cookie will apply to all domains. Does anyone know where I might set this?
Thanks. Daniel.
Quoting Daniel Carrera daniel.carrera@zmsl.com:
Hello,
Drupal seems to keep a different set of cookies for each subdomain. For example, it is possible to be logged in as User_1 in http://foo.org and at the same time, on the same browser, to be logged in as User_2 in http://www.foo.org
I figure that this is because Drupal's cookies are different for foo.org and www.foo.org
I've had complaints from users that they log in as one user and magically they appear as a different user. I'm thinking that perhaps this url/cookie issue is the root problem.
Is there a way to tell Drupal to use a single set of cookies for all domains? If I recall correctly, if you set the cookie domain to .foo.org (notice the '.' at the beginning) the cookie will apply to all domains. Does anyone know where I might set this?
The fix is easy: 1) settings.php 2) search for $cookie_domain 3) edit the line to set it to the domain you desire, e.g. www.foo.org.
Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
Earnie Boyd wrote:
The fix is easy: 1) settings.php 2) search for $cookie_domain 3) edit the line to set it to the domain you desire, e.g. www.foo.org.
And if I set the domain to .foo.org then the same cookie will apply to all domains under foo.org? (foo.org, www.foo.org, test.foo.org, etc)
Daniel Carrera wrote:
Earnie Boyd wrote:
The fix is easy: 1) settings.php 2) search for $cookie_domain 3) edit the line to set it to the domain you desire, e.g. www.foo.org.
And if I set the domain to .foo.org then the same cookie will apply to all domains under foo.org? (foo.org, www.foo.org, test.foo.org, etc)
Setting it to .foo.org didn't work, but setting it to some other domain (foo.org or www.foo.org) works correctly. I'm happy with that. I don't have my heart set on a cookie domain.
Thanks a lot!
Daniel.
On Fri, Aug 22, 2008 at 3:46 PM, Daniel Carrera daniel.carrera@zmsl.com wrote:
Daniel Carrera wrote:
Earnie Boyd wrote:
The fix is easy: 1) settings.php 2) search for $cookie_domain 3) edit the line to set it to the domain you desire, e.g. www.foo.org.
And if I set the domain to .foo.org then the same cookie will apply to all domains under foo.org? (foo.org, www.foo.org, test.foo.org, etc)
Setting it to .foo.org didn't work, but setting it to some other domain (foo.org or www.foo.org) works correctly. I'm happy with that. I don't have my heart set on a cookie domain.
That should be fine. The Drupal variable $cookie_domain = 'example.com' is not the same thing as ini_set('session.cookie_domain', ".example.com") with the front dot, but it results in the same thing if I remember correctly.
Thanks a lot!
Daniel.
[ Drupal support list | http://lists.drupal.org/ ]