backdrop-contrib / domain

A domain-based access control system for Backdrop CMS
https://backdropcms.org/project/domain
3 stars 5 forks source link

Is there any need to add $cookie_domain to settings.php file? #40

Open izmeez opened 4 weeks ago

izmeez commented 4 weeks ago

Is there any need to add a $cookie_domain line in the settings.php file? $cookie_domain = '.example.com'; As suggested in the old comment, https://www.drupal.org/project/domain/issues/1559486#comment-10176824

izmeez commented 3 weeks ago

If the $cookie_domain = '.example.com'; is added to the settings.php file the user is not logged out when the line in the settings.php to include the domain module file is commented and then uncommented, as described in https://github.com/backdrop-contrib/domain/issues/39

izmeez commented 1 week ago

Now that issue #39 is fixed it leaves me wondering what other benefits having the `$cookie_domain = '.example.com'; may have.

izmeez commented 1 week ago

This is related to issue #32.

yorkshire-pudding commented 1 week ago

@izmeez - I tested this: With $cookie_domain set to primary domain, then logging in on any of the domains you are logged into all. Without $cookie_domain set, all the logins have to be done separately.

So whether do you or not might depend on use case and whether the same users have access on all domains:

I think the comment in settings.php is pretty clear and helpful:

/**
 * Backdrop automatically generates a unique session cookie name for each site
 * based on its full domain name. If you have multiple domains pointing at the
 * same Backdrop site, you can either redirect them all to a single domain (see
 * comment in .htaccess), or uncomment the line below and specify their shared
 * base domain. Doing so assures that users remain logged in as they cross
 * between your various domains. Make sure to always start the $cookie_domain
 * with a leading dot, as per RFC 2109.
 */
// $cookie_domain = '.example.com';
izmeez commented 1 week ago

@yorkshire-pudding Thanks for pointing that out. I had overlooked it being in the settings.php file by default. I am inclined to consider adding a reference to it in the domain install quickstart.