Change domain for session variable

Hakulicious - December 1, 2008 - 03:26

Right now the domain for the session variable is: .domain.com

However, I am trying to set up a subdomain for static images, and since it will only be images in this domain, the session cookie doesn't need to be sent with each http request. However, the domain that the session coookie is set up for is shared across all subdomains, and as a result, the cookie is sent with each http request for all subdomains.

I want to change the domain of the session cookie to be www.domain.com. But I cannot figure out how to do this. I've played around with the $cookie_domain in the settings.php file, but that doesn't seem to work, and I'm kind of at a loss.

» Login or register to post comments

I don't think that the

cog.rusty - December 1, 2008 - 05:38

I don't think that the subdomains get the same cookie domain as the main site. They should get their own cookie domain, sub.example.com by default, without changing any setting.

The $cookie_domain variable produces .example.com for the main site, as specified in w3c. However, if for some reason you must change it to www.example.com then use an ini_set('session.cookie_domain', 'www.example.com'); line instead of the $cookie_domain variable. I wouldn't do that.

sub-domains do get their own

Hakulicious - December 1, 2008 - 12:15

sub-domains do get their own cookie, that's not the problem. The problem is the main domain is getting a non-specific cookie (.domain.com) rather than a specific cookie (www.domain.dom), and as a result the cookie is being passed to the subdomain, when i don't want it to be.

I tried the ini_set, but it didn't work - the cookie still stayed as .domain.com

You are right, I just tested

cog.rusty - December 1, 2008 - 15:22

You are right, I just tested the direct set_ini() call and doesn't work. It must be overrided afterwards.

Why do you say that the non-specific cookie is passed to the subdomains? Did you find that the subdomains are picking something from that cookie?

Definitely not. The

Hakulicious - December 3, 2008 - 07:08

Definitely not. The subdomain is only for static images. I am using it in my CSS files to draw the images from. The reason I set this up was to enable images to be requested without the cookie attached, as the cookie isn't needed for image files.

Does anybody else have an idea on how to change the domain name for the default cookie?

Look at

cog.rusty - December 3, 2008 - 08:10

Look at http://api.drupal.org/api/file/includes/bootstrap.inc/6/source where it says // Strip leading periods, www., and port numbers from cookie domain.

Apparently no matter whether you specify a $cookie_domain, or it is deduced from a $base_url, or it is deduced from the requested URL, www. is always stripped afterwards and then a dot added in front.

So, you will need to hack bootstrap.inc to remove the 3 lines which strip www. If you do, test it with different browsers because the purpose of these manipulations was to solve existing login problems (and to conform with RFC 2109).

Craaaaaapy. I guess there is

Hakulicious - December 3, 2008 - 08:24

Craaaaaapy. I guess there is no way around that then. I don't really want to hack the source code, because I will without a doubt forget to do it when updating in the future. I think I will just have to purchase a secondary domain name for this, which I've been thinking about doing anyways, as that will spread my http requests out to a second domain, allowing for more requests at one time. Still, it would be nice if this was an option within drupal.

Thanks for your help, I appreciate it.