Use drupal internal global variables instead of ini_get for cookies defualt [#2792975]

I found that the cookie_domain configured on settings.php was not properly honoured, I think using whatever drupal sets for its global variables a better approach.

Comment	File	Size	Author
#2	authcache-better_cookie_defaults-2792975-2.patch	777 bytes	hanoii
#2	7.x-2.x: PHP 5.3 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.4 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.5 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.6 & MySQL 5.5, D7 237 pass, 4 fail PHP 7 & MySQL 5.5, D7 Skipped, branch did not pass for 4 weeks

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

31 August 2016 at 13:54

hanoii created an issue. See original summary.

Comment #2

hanoii

Spanish

🇦🇷UTC-3

CreditAttribution: hanoii commented 31 August 2016 at 13:54

Status:

Active

» Needs review

File	Size
authcache-better_cookie_defaults-2792975-2.patch	777 bytes
7.x-2.x: PHP 5.3 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.4 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.5 & MySQL 5.5, D7 237 pass, 4 fail PHP 5.6 & MySQL 5.5, D7 237 pass, 4 fail PHP 7 & MySQL 5.5, D7 Skipped, branch did not pass for 4 weeks

Comment #3

31 August 2016 at 13:58

Status:

Needs review

» Needs work

The last submitted patch, 2: authcache-better_cookie_defaults-2792975-2.patch, failed testing.

Comment #4

31 August 2016 at 13:58

The last submitted patch, 2: authcache-better_cookie_defaults-2792975-2.patch, failed testing.

Comment #5

31 August 2016 at 13:58

The last submitted patch, 2: authcache-better_cookie_defaults-2792975-2.patch, failed testing.

Comment #6

31 August 2016 at 13:58

The last submitted patch, 2: authcache-better_cookie_defaults-2792975-2.patch, failed testing.

Comment #7

31 August 2016 at 14:24

The last submitted patch, 2: authcache-better_cookie_defaults-2792975-2.patch, failed testing.

Comment #8

hanoii

Spanish

🇦🇷UTC-3

CreditAttribution: hanoii commented 31 August 2016 at 15:13

I am not sure why these are failing. I tried to run them, but on my local it behaves the same with or without the patch.

Comment #9

znerol CreditAttribution: znerol commented 1 September 2016 at 10:07

When running tests, make sure there is no configuration but the mysql connection and the hash salt in your settings.php.

Comment #10

znerol CreditAttribution: znerol commented 23 September 2016 at 08:13

Status:

Needs work

» Postponed (maintainer needs more info)

All cookie related ini settings are initialized during a normal bootstrap from within drupal_settings_initialize() and drupal_environment_initialize().

Especially note the following snipped from drupal_settings_initialize():

  // Per RFC 2109, cookie domains must contain at least one dot other than the
  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    ini_set('session.cookie_domain', $cookie_domain);
  }

So the respective ini-setting is changed, but only only if $cookie_domain is valid. For that reason I think that using ini_get('session.cookie_domain') is safer than using the value directly.

What exactly is the problem you observed? How did you configure your site?