Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.145.2.3
diff -u -p -r1.145.2.3 bootstrap.inc
--- includes/bootstrap.inc 7 May 2007 04:19:54 -0000 1.145.2.3
+++ includes/bootstrap.inc 8 Jun 2007 23:38:52 -0000
@@ -230,11 +230,16 @@ function drupal_unset_globals() {
 }
 
 /**
- * Loads the configuration and sets the base URL correctly.
+ * Loads the configuration and sets the base URL, cookie domain, and
+ * session name correctly.
 */
 function conf_init() {
- global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf, $installed_profile;
+ global $base_url, $base_path, $base_root;
+
+ // Export the following settings.php variables to the global namespace
+ global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
 $conf = array();
+
 include_once './'. conf_path() .'/settings.php';
 
 if (isset($base_url)) {
@@ -260,6 +265,32 @@ function conf_init() {
 $base_path = '/';
 }
 }
+
+ if ($cookie_domain) {
+ // If the user specifies the cookie domain, also use it for session name.
+ $session_name = $cookie_domain;
+ }
+ else {
+ // Otherwise use $base_url for session name.
+ $session_name = $base_url;
+ // We try to set the cookie domain to the hostname.
+ if (!empty($_SERVER['HTTP_HOST'])) {
+ $cookie_domain = $_SERVER['HTTP_HOST'];
+ }
+ }
+ // Strip leading periods, www., and port numbers from cookie domain.
+ $cookie_domain = ltrim($cookie_domain, '.');
+ if (strpos($cookie_domain, 'www.') === 0) {
+ $cookie_domain = substr($cookie_domain, 4);
+ }
+ $cookie_domain = explode(':', $cookie_domain);
+ $cookie_domain = '.'. array_shift($cookie_domain);
+ // Per RFC 2109, cookie domains must contain at least one dot other than the
+ // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
+ if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
+ ini_set('session.cookie_domain', $cookie_domain);
+ }
+ session_name('SESS'. md5($session_name));
 }
 
 /**
Index: sites/default/settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/Attic/settings.php,v
retrieving revision 1.39.2.2
diff -u -p -r1.39.2.2 settings.php
--- sites/default/settings.php 14 Mar 2007 19:33:40 -0000 1.39.2.2
+++ sites/default/settings.php 8 Jun 2007 23:38:52 -0000
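Review bot: In the conf_init() hunk of includes/bootstrap.inc, `$_SERVER['HTTP_HOST']` is copied into `$cookie_domain` and reaches `ini_set('session.cookie_domain', …)` with only the leading period, a lowercase `www.` prefix and the port removed. The Host header is supplied by the client, so the value should be checked against the characters a hostname may contain and lower-cased before use, for example `$cookie_domain = strtolower($_SERVER['HTTP_HOST']);` after the validity check, with the domain left unset when the check fails. Separately, `$session_name = $cookie_domain;` is assigned before the stripping below it, so `'.example.com'` and `'example.com'` in settings.php hash to different session names; assigning it after the normalisation would make the two spellings equivalent. conf_init() begins outside this hunk, so how `$base_url` is derived is not visible here.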
@@ -137,27 +137,14 @@ ini_set('session.use_trans_sid', 0);
 ini_set('url_rewriter.tags', '');
 
 /**
- * We try to set the correct cookie domain.
+ * Drupal automatically generates a unique session cookie name for each site
+ * based on on its full domain name. If you have multiple domains pointing at
+ * the same Drupal site, you can either redirect them all to a single domain
+ * (see comment in .htaccess), or uncomment the line below and specify their
+ * shared base domain. Doing so assures that users remain logged in as they
+ * cross between your various domains.
 */
-if (isset($_SERVER['HTTP_HOST'])) {
- $domain = '.'. preg_replace('`^www\.`', '', $_SERVER['HTTP_HOST']);
- // Per RFC 2109, cookie domains must contain at least one dot other than the
- // first. For hosts such as 'localhost', we don't set a cookie domain.
- if (count(explode('.', $domain)) > 2) {
- ini_set('session.cookie_domain', $domain);
- }
-}
-
-/**
- * On some sites, multiple domains or subdomains may point to the same site.
- * For instance, example.com may redirect to foo.example.com. In that case,
- * the browser may confuse the cookies between the two domains, resulting in
- * an inability to log in. In that case, uncomment the line below and set
- * it to the more generic domain name. For instance, .example.com is more
- * generic than .foo.example.com. Remember the leading period on the domain
- * name, even if you wouldn't type it in your browser.
- */
-#ini_set('session.cookie_domain', '.example.com');
+# $cookie_domain = 'example.com';
 
 /**
 * Variable overrides:
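Review bot: The new settings.php comment has a doubled word (`based on on its full domain name`) and no longer tells the administrator how far the setting reaches. The conf_init() change in this patch prefixes the configured value with a period before passing it to `session.cookie_domain`, so the session cookie is sent to every host under that domain, not only the ones serving this site. I would add a line such as `* The session cookie is then sent to every subdomain of this domain, so only set it when all of them are trusted.` above the example, and say that the leading period is now optional.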