Problem/Motivation

When using the trusted browser setting for a multidomain site, the cookie is not set properly leading to a faulty login on a specific domain with a trusted browser because the global cookie_domain variable is set as the default when submitting the configuration form (admin/config/people/tfa).

Proposed resolution

Proposal 1

Use the global cookie_domain variable to set the cookie and remove the cookie domain setting in the configuration form.

Proposal 2

Make it possible to add multiple cookie domains and add a check when setting the cookie to determine if the domain is allowed to be trusted.

Remaining tasks

I've included 2 patches for both proposals that could use a review.

CommentFileSizeAuthor
add_multiple_cookie_domains.patch7.62 KBjonas139
use_global_cookie_domain.patch3.61 KBjonas139
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jonas139 created an issue. See original summary.

JeroenT’s picture

JeroenT
Primary language Dutch
Location 🇧🇪
CreditAttribution: JeroenT at iO commented
Status: Active » Needs review
DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
Version: 7.x-1.1 » 7.x-1.x-dev