Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
By reglogge on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
8.x
Introduced in version:
7.9
Issue links:
Description:
The example $cookie_domain variable in default.settings.php failed for sites with subdomains and did not meet RFC 2109 standards. When $cookie_domain contains only one dot, each subdomain like http://de.example.com and http://fr.example.com issues its own session cookie to the user which prevents the session remaining active when switching between domains.
Old implementation:
$cookie_domain = 'example.com';
Correct version:
$cookie_domain = '.example.com';
The patch corrects both the documentation of this functionality and the example given in default.settings.php.
Impacts:
Site builders, administrators, editors