CodeForPhilly / laddr

http://codeforphilly.github.io/laddr/
MIT License
61 stars 34 forks

Change the way cookies are named #85

Closed RowdyChildren closed 8 years ago

RowdyChildren commented 9 years ago

At Code for Charlotte we have run into an issue with the way cookies are named on the staging/production sites. What we did was simply change it from being the site name to being an md5 hash of the site name. We are unsure if this is a global issue or only an issue we have.

themightychris commented 9 years ago

It's only an issue when you access a staging site through a subdomain of the live site, which is quite common, but I like the idea of hashing the site name to ensure the cookie name is always unique.

RowdyChildren commented 9 years ago

That is what I did on our production and staging sites; it solved the issues. I am actually using sha1:

Session::$cookieName = sha1($_SERVER['HTTP_HOST']);

I just added that line to Session.config.php. I came up with the idea so I wouldn't have to worry about pulling the Session.config.php to the production site and winding up with a cookie collision.

themightychris commented 9 years ago

You should use sha1(Site::getConfig('handle')) or sha1(Site::getConfig('primary_hostname')) instead.

Using HTTP_HOST means codeforcharlotte.org and www.codeforcharlotte.org wouldn't share a session.
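The trade-off between the three cookie-naming schemes in this thread, as an added example that is not part of the original comments or of the laddr/emergence code. The hostnames, site handles, the literal name "session" and the parent-domain cookie scope are constructed assumptions; it needs PHP 8 for str_ends_with.

```php
<?php
// Constructed sample deployments; hostnames and handles are placeholders.
$sites = [
    'live'    => ['handle' => 'example-live',    'hosts' => ['example.org', 'www.example.org']],
    'staging' => ['handle' => 'example-staging', 'hosts' => ['staging.example.org']],
];
$cookieDomain = 'example.org'; // assumption: session cookie is scoped to the parent domain

// The three naming schemes from the thread, as plain functions.
$schemes = [
    'shared literal name' => fn(array $site, string $host): string => 'session',
    'sha1(HTTP_HOST)'     => fn(array $site, string $host): string => sha1($host),
    'sha1(site handle)'   => fn(array $site, string $host): string => sha1($site['handle']),
];

// A cookie set with Domain=$domain is sent to that host and every subdomain of it.
function domainMatches(string $host, string $domain): bool
{
    return $host === $domain || str_ends_with($host, '.' . $domain);
}

function evaluate(callable $scheme, array $sites, string $cookieDomain): array
{
    $writers = [];      // cookie name => set of sites that set it in the shared jar
    $namesPerSite = []; // site => set of cookie names it uses across its hosts
    foreach ($sites as $key => $site) {
        foreach ($site['hosts'] as $host) {
            if (!domainMatches($host, $cookieDomain)) {
                continue; // host is outside the cookie's scope
            }
            $name = $scheme($site, $host);
            $writers[$name][$key] = true;
            $namesPerSite[$key][$name] = true;
        }
    }
    return [
        // two deployments writing the same name overwrite each other's session ID
        'collision' => max(array_map('count', $writers)) > 1,
        // more than one name per site means its hosts do not share a session
        'split'     => max(array_map('count', $namesPerSite)) > 1,
    ];
}

foreach ($schemes as $label => $scheme) {
    $r = evaluate($scheme, $sites, $cookieDomain);
    printf("%-20s collision=%-3s split_session=%s\n", $label,
        $r['collision'] ? 'yes' : 'no', $r['split'] ? 'yes' : 'no');
}
```

Only the handle-based name avoids both outcomes: the shared literal name collides between live and staging, and the HTTP_HOST-based name gives the apex and www hosts separate sessions.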

RowdyChildren commented 9 years ago

That works much better ;)

titlecharacter commented 8 years ago

@RowdyChildren Can we close this one out?

RowdyChildren commented 8 years ago

I am not sure if the issue ever got corrected.

— Sent from Mailbox by Riley Childs https://rileychilds.me

On Sat, Oct 3, 2015 at 6:05 PM, Ben Novack notifications@github.com wrote:

@RowdyChildren Can we close this one out?


themightychris commented 8 years ago

@RowdyChildren @bennovack this was fixed upstream in JarvusInnovations/emergence-skeleton@eea4b03db621c5395c9c1dedd6e5428e4e1cfc84

I've pulled it to v2.laddr.us and v1.laddr.us