Session cookies lack the ability to set the domain

snapframework / snap

Top-level package for the official Snap Framework libraries, includes the snaplets API as well as infrastructure for sessions, auth, and templates.

http://snapframework.com/

BSD 3-Clause "New" or "Revised" License

455 stars 68 forks source link

Session cookies lack the ability to set the domain #104

Open cimmanon opened 10 years ago

cimmanon commented 10 years ago

The site I'm working on makes use of subdomains. We would like to allow our users to login once and have that session persist across all subdomains in addition to the primary domain. Currently, session cookies are set for the domain that was used when the session was started.

ozataman commented 10 years ago

I am not even sure if what you suggest is possible. Can a cookie have more than one domain? I've never had to do it that way, so I'm not sure. You typically end up playing some iframe tricks to achieve that kind of cross-domain integration...

ghost commented 10 years ago

You just set the cookie's domain to .example.com and it will be sent to all subdomains of example.com.

sopvop commented 9 years ago

@amontague is absolutely right here. rfc6265