Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.145.2.3
diff -u -p -r1.145.2.3 bootstrap.inc
--- includes/bootstrap.inc	7 May 2007 04:19:54 -0000	1.145.2.3
+++ includes/bootstrap.inc	20 Jun 2007 13:45:16 -0000
@@ -230,7 +230,8 @@ function drupal_unset_globals() {
 }
 
 /**
- * Loads the configuration and sets the base URL correctly.
+ * Loads the configuration and sets the base URL, cookie domain, and
+ * session name correctly.
  */
 function conf_init() {
   global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf, $installed_profile;
@@ -260,6 +261,33 @@ function conf_init() {
       $base_path = '/';
     }
   }
+
+  $cookie_domain = ini_get('session.cookie_domain');
+  if ($cookie_domain) {
+    // If the cookie domain is set, also use it for session name.
+    $session_name = $cookie_domain;
+  }
+  else {
+    // Otherwise use $base_url for session name.
+    $session_name = $base_url;
+    // We try to set the cookie domain to the hostname.
+    if (!empty($_SERVER['HTTP_HOST'])) {
+      $cookie_domain = $_SERVER['HTTP_HOST'];
+    }
+  }
+  // Strip leading periods, www., and port numbers from cookie domain.
+  $cookie_domain = ltrim($cookie_domain, '.');
+  if (strpos($cookie_domain, 'www.') === 0) {
+    $cookie_domain = substr($cookie_domain, 4);
+  }
+  $cookie_domain = explode(':', $cookie_domain);
+  $cookie_domain = '.'. $cookie_domain[0];
+  // Per RFC 2109, cookie domains must contain at least one dot other than the
+  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
+  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
+    ini_set('session.cookie_domain', $cookie_domain);
+  }
+  session_name('SESS'. md5($session_name));
 }
 
 /**
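Review bot: The fallback `$cookie_domain = $_SERVER['HTTP_HOST'];` takes a client-supplied header, and the only checks before `ini_set('session.cookie_domain', $cookie_domain)` are the dot count and the all-numeric test, so any value with two dots passes whatever characters it contains. Because that value becomes the Domain attribute of the session cookie, I would restrict it to the hostname alphabet in the same condition, e.g. `if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain)) && preg_match('/^\.[a-z0-9.-]+$/i', $cookie_domain)) {`. Whether the web server or virtual-host configuration already rejects malformed Host headers is not visible here, so treat the extra check as defence in depth. Separately, `strpos($cookie_domain, 'www.') === 0` is case-sensitive, so a host sent as `WWW.example.com` keeps its prefix and gets a different cookie domain; lowercasing the host before the comparison would avoid that. conf_init() begins outside this hunk, so how `$base_url` is derived when it feeds `$session_name` is not visible here.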
Index: sites/default/settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/Attic/settings.php,v
retrieving revision 1.39.2.2
diff -u -p -r1.39.2.2 settings.php
--- sites/default/settings.php	14 Mar 2007 19:33:40 -0000	1.39.2.2
+++ sites/default/settings.php	20 Jun 2007 13:45:17 -0000
@@ -137,18 +137,6 @@ ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
 
 /**
- * We try to set the correct cookie domain.
- */
-if (isset($_SERVER['HTTP_HOST'])) {
-  $domain = '.'. preg_replace('`^www\.`', '', $_SERVER['HTTP_HOST']);
-  // Per RFC 2109, cookie domains must contain at least one dot other than the
-  // first. For hosts such as 'localhost', we don't set a cookie domain.
-  if (count(explode('.', $domain)) > 2) {
-    ini_set('session.cookie_domain', $domain);
-  }
-}
-
-/**
  * On some sites, multiple domains or subdomains may point to the same site.
  * For instance, example.com may redirect to foo.example.com. In that case,
  * the browser may confuse the cookies between the two domains, resulting in
