I'v tried adding the code from the documentation at http://drupal.org/node/1549332 in order to automate the assignment of cookies for multiple top level domains. Unfortunately, it looks like it is D6 specific since it is calling variables that are not in the D7 settings.php file. Is there any way this can be rewritten to work in D7?

Comments

agentrickard’s picture

Category: bug » support
Status: Active » Postponed (maintainer needs more info)

Not a bug.

Can you be more specific about what you are trying to do?

If you simply want a separate login cookie for each domain, leave $cookie_domain commented out in settings.php.

kihap’s picture

My understanding from the documentation (http://drupal.org/node/1348784 and http://drupal.org/node/1549332) is that users cannot log into multiple top level domains because Drupal will set the cookie for to the default domain or the first domain that is accessed and give that same cookie to any other "affiliate" domains if the user tries to log in simultaneously. And if that happens, it will prevent the user from logging in to the additional affiliate domains simultaneously. That is why I attempted to add the code from the documentation to settings.php.

Based on your response in #1 above, am I correct in assuming that in D7 this is not an issue because D7 will assign separate login cookies for each domain (a.k.a. affiliate) as long as $cookie_domain remains commented out in settings.php? Then I wouldn't need add anything. I am currently implementing the code structure below (from http://drupal.org/node/1348784) and it works in D7 but is tedious when adding many domains. If I understand you correctly, and could eliminate the code below altogether, there would be cause for celebration. If it is true then I would edit the documentation to state that the instructions only apply to D6.

 <?php
if (isset($_SERVER['HTTP_HOST']) && substr_count($_SERVER['HTTP_HOST'], 'parentdomain.com') > 0) {
$cookie_domain = '.parentdomain.com';
}
?>
agentrickard’s picture

Status: Postponed (maintainer needs more info) » Active

You only need the code above in the following case. Let's say you have 4 domains:

  • example.com
  • myothersite.com
  • one.example.com
  • two.example.com

If you leave $cookie_domain commented out in settings.php, each of those 4 domains will keep a separate login cookie. However, if you want a single login for *.example.com and a separate login for myexample.com, then you need code:

if (isset($_SERVER['HTTP_HOST']) && substr_count($_SERVER['HTTP_HOST'], 'example.com') > 0) {
$cookie_domain = '.example.com';
}

In most cases, leaving the default login behavior is fine. The real issue here is that you can't share cookies across example.com and myothersite.com.

The code samples you cite are designed for cases where there are multiple domains and where some of them might share a login, but not all of them do.

kihap’s picture

First off, thanks for putting this module together and being so helpful and responsive. You rock!

Just so I'm clear:

A) Using the code in #3 above would allow *.example.com sites to share the same login and any other sites with a different top level domain (such as myothersite.com) would have separate logins.

B) I can only get other sites that share the same TLD (myothersite.com, one.myothersite.com, two.myothersite.com, etc.) to share the same login by adding and ELSE statement to the code in #3 and basically repeating it with adjustments for the new TLD.

Is there a way to set all affiliate sites to share the same login regardless of the domain name? For example, getting all of the sites listed below to work with a single sign on?
example.com
myothersite.com
one.example.com
two.example.com

Thanks again!

agentrickard’s picture

A and B are correct.

I don't know about C. That's a single-sign on problem that I don't have an official recommendation for. The problem is that login cookies cannot be shared cross-domain.