Problem/Motivation
When using the trusted browser setting for a multidomain site, the cookie is not set properly, leading to a faulty login on a specific domain with a trusted browser, because the global cookie_domain variable is set as the default when submitting the configuration form (admin/config/people/tfa).
Proposed resolution
Proposal 1
Use the global cookie_domain variable to set the cookie and remove the cookie domain setting in the configuration form.
Proposal 2
Make it possible to add multiple cookie domains and add a check when setting the cookie to determine if the domain is allowed to be trusted.
Remaining tasks
I've included 2 patches for both proposals that could use a review.
| Comment | File | Size | Author |
|---|---|---|---|
| | add_multiple_cookie_domains.patch | 7.62 KB | jonas139 |
| | use_global_cookie_domain.patch | 3.61 KB | jonas139 |
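The check described in Proposal 2, sketched as an added example that is not taken from either attached patch or from the TFA module. The function names, the allowlist and the sample hosts are hypothetical and constructed for illustration; PHP 8 is assumed.

```php
<?php
// Added illustration only: names and values are hypothetical, not the
// TFA module's API. Requires PHP 8 (str_ends_with).

/**
 * Returns the most specific allowlisted cookie domain covering $host,
 * or NULL when the host is not covered by any configured domain.
 */
function pick_trusted_cookie_domain(string $host, array $allowed_domains): ?string {
  // Normalise the request host: lower-case, strip port and trailing dot.
  $host = strtolower(rtrim(preg_replace('/:\d+$/', '', $host), '.'));
  $best = NULL;
  foreach ($allowed_domains as $domain) {
    $bare = strtolower(ltrim(trim($domain), '.'));
    if ($bare === '') {
      continue;
    }
    // Match the exact host, or a subdomain on a label boundary, so that
    // "evilexample.com" is not treated as part of "example.com".
    $matches = $host === $bare || str_ends_with($host, '.' . $bare);
    if ($matches && strlen($bare) > strlen($best ?? '')) {
      $best = $bare;
    }
  }
  return $best;
}

/**
 * Sets the trusted-browser cookie only for an allowlisted domain.
 */
function set_trusted_browser_cookie(string $name, string $value, string $host, array $allowed_domains, int $lifetime): bool {
  $domain = pick_trusted_cookie_domain($host, $allowed_domains);
  if ($domain === NULL) {
    // Host is outside the allowlist: do not mark this browser as trusted.
    return FALSE;
  }
  return setcookie($name, $value, [
    'expires' => time() + $lifetime,
    'path' => '/',
    'domain' => $domain,
    'secure' => TRUE,
    'httponly' => TRUE,
    'samesite' => 'Lax',
  ]);
}

// Constructed sample data: two configured cookie domains, four request hosts.
$allowed = ['.example.com', 'shop.example.org'];
foreach (['www.example.com', 'evilexample.com', 'shop.example.org:8443', 'example.org'] as $h) {
  printf("%-24s => %s\n", $h, pick_trusted_cookie_domain($h, $allowed) ?? '(refused)');
}
```

Only `www.example.com` and `shop.example.org:8443` resolve to a cookie domain; the lookalike host and the unconfigured parent domain are refused, so no trusted-browser cookie would be issued for them.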
Comments
Comment #2
JeroenT
Comment #3
DamienMcKenna