Download & Extend
Issues

Problem with 2 letter domain names, Internet Explorer and cookies

Posted by hsbis on July 9, 2008 at 11:37pm
Project:Drupal core
Version:5.7
Component:base system
Category:bug report
Priority:normal
Assigned:Unassigned
Status:closed (won't fix)

Issue Summary

Hello.

Just wanted to make it public somewhere that 2 letter domains (like ba.za) + drupal + Internet Explorer = no login

I had a problem with users not being able to log in on my drupal site if they were using Internet Explorer.
The problem is: IE rejects cookies coming from two letter domain names + two letter tld

I used to do: ini_set('session.cookie_domain', 'www.ba.za') for other two letter domains/cookie problems and it worked for them, but it didn't work with Drupal.

Diving into the code I found:
$cookie_domain = ini_get('session.cookie_domain');

if (strpos($cookie_domain, 'www.') === 0) {
$cookie_domain = substr($cookie_domain, 4);
}

I commented the last part out and used the above ini_set('session.cookie_domain' 'www.ba.za') - and voilah! Everything started working again.

I hope that you will consider removing this code from the core since using www. in cookies doesn't seem to violate any RFC (but I may have missed that part in the RFC I looked over (2109)).

Hope this will help someone who's running into this problem - and if this isn't the right place to post this and or if I did something wrong or misunderstood something in the drupal setup, please be gentle ;)

Cheers.

Login or register to post comments

Comments

#1

Posted by dman on July 10, 2008 at 12:02am

If the problem really is as you describe it, I think the fix may be elsewhere. That line that strips the 'www' is only a convenience thing to allow users to log in to www.ba.za and ba.za equivalently. Removing it from cookie.domain em>should make the cookie valid for both at once. Either way the cookie should be setting for you as *.ba.za

but... It could be something different that's breaking ... you say just a 2+2 domain? xx.xx ? Hm. OK, that's pretty rare! But all the more reason for me to suspect it's not been found or fixed before.

So, um, it would help to know which version of IE you are using. IE3 was probably pretty bad at cookies ;-)

#2

Posted by mikeschinkel on July 23, 2008 at 12:19am
Status:closed (won't fix)» active

I just spent literally 8 hours over the past two days trying to solve this problem! I've got the domain "1z.tc" (I needed a two letter domain name, and .tc was one of the few available) and yes, I have exactly this same problem. With IE7 (not IE3.)

I ended up adding the following on lines 306..308 of bootstrap.inc after the if {} statement mentioned by hsbis.

// BEGIN HACK -- See: http://drupal.org/node/280623
ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
// END HACK

I used $_SERVER['HTTP_HOST'] instead of hardcoding because I use a HOSTS file that masks "http//1z.com" for local testing and (now) a "http//www.1z.tc" for deployment. FYI, "http//1z.com" had no problem logging in.

I also had to add the following to my .htaccess because I could not make "http://1z.tc" work, I could only make "http://www.1z.tc" work:

# Force WWW because Drupal & IE7 doesn't like five (5)
# char domains (http://www.1z.tc is okay, but not http://1z.tc)
RewriteCond %{HTTP_HOST} ^1z\.tc$ [NC]
RewriteRule (.*) http://www.1z.tc/$1 [L,R=301]

Uggh. What a waste of what could otherwise have been a productive 8 hours. Now I'm 8 hours behind.

Any chance for a fix, and have the code fire an error that says domains like "http://xx.xx" are not supported and must use "http://www.xx.xx" to keep others from have to go through the same 8 hour nightmare?

#3

Posted by agir on October 14, 2008 at 8:22pm

I can confirm this problem. All versions of IE (including IE7) are having this problem. I use almost same solution (http://drupal.org/node/165736#comment-264229). But I hate hacking the core. I will check Drupal 6, but I think, it will be same. :-(

#4

Posted by Damien Tournoud on October 14, 2008 at 8:37pm
Status:active» closed (won't fix)

That's a really crazy issue: http://support.microsoft.com/kb/310676

I see no clean way of solving this, so I'm won't fixing it.

Drupal 6 is probably not affected. As a workaround, you could try using this is your settings.php:

<?php
  ini_set('www.ba.za');
  $cookie_domain = "pleasedontsetcookiedomain";
?>

#5

Posted by Dave Reid on December 22, 2008 at 9:38pm

I confirmed that http://support.microsoft.com/kb/310676 fixes the issue on IE7 with two letter domain names. What a wacky fix having to put the TLD in backwards in regedit!

For example, myhost.xy.ca, where "ca" stands for Canada. However, you must enter the value field as "ac."

#6

Posted by Aldus on September 22, 2009 at 9:09am

hi, I still have the problem with my http://ro.ma website and Drupal 6. Do you have some fix for Drupal 6 about this bug?

(Update: adding "WWW." to my domain make it work on IE. Still no chance to have my website working on IE as simply: http://ro.ma . Any workaround greatly appreciated)

#7

Posted by mazaza on May 28, 2010 at 6:45pm

The problem is still present for Drupal 6.x and IE7 - for two-letter domains (danish .dk in my case). I had to use the core hack by hsbis - commenting out the removing of "www" from cookie domain in conf_init() function in /includes/bootstrap.inc.

Also my cookie domain is set to www.NN.dk. This means, that I can't use NN.dk when logging in, which I've fixed by rewriting all trafic to www.NN.dk - as mentioned by MikeSchinkel in #2

Maybe a setting somewhere to make the removing of www in cookie domain in conf_init() voluntary?