Stop putting cookies on the top unl.edu domain

unlcms / UNL-CMS

Drupal 7 implementation at the University of Nebraska–Lincoln

http://unlcms.unl.edu/

GNU General Public License v2.0

4 stars 13 forks source link

Stop putting cookies on the top unl.edu domain #909

Closed kabel closed 7 years ago

kabel commented 8 years ago

Session cookies should be assigned to the domain for which site they are for, not the overall .unl.edu parent domain. Putting them on the parent floods other servers with useless cookies and provide no value to the end-user.

ericras commented 7 years ago

All of the sites do not have $cookie_domain set in settings.php, so their cookies are scoped to .example.unl.edu

I think this problem is only happening with www.unl.edu:

In function drupal_settings_initialize() in bootstrap.inc

      if (strpos($cookie_domain, 'www.') === 0) {
        $cookie_domain = substr($cookie_domain, 4);
      }

ericras commented 7 years ago

https://www.drupal.org/node/458704

ericras commented 7 years ago

I think I have this solved by setting the top level site's settings.php to:

$cookie_domain = '.www.unl.edu';