Development

#1847 (sfGuard(Doctrine)Plugin should have setting domain/path for remember cookie)

You must first sign up to be able to contribute.

Ticket #1847 (new enhancement)

Opened 1 year ago

Last modified 11 months ago

sfGuard(Doctrine)Plugin should have setting domain/path for remember cookie

Reported by: adrive Assigned to: fabien
Priority: minor Milestone:
Component: sfGuardPlugin Version:
Keywords: Cc:
Qualification:

Description

Like in title - sfGuard(Doctrine)Plugin should have setting domain/path for remember cookie, because now is used the acutal domain. If I am using multiple applications on their subdomains (app1.domain.tld, app2.domain.tld), I am unable to share remember cookie. because of missing settings.

Something like this should go to sfGuardSecurityUser.class.php about line 87, before sending cookies. 

            $cookieDefaults  = session_get_cookie_params();
            $remember_cookie = sfConfig::get( 'app_sf_guard_plugin_remember_cookie_name', 'sfRemember' );
            $cookie_path   = sfConfig::get('app_sf_guard_plugin_remember_cookie_path',   $cookieDefaults['path']);
            $cookie_domain = sfConfig::get('app_sf_guard_plugin_remember_cookie_domain', $cookieDefaults['domain']);

            sfContext::getInstance()->getResponse()->setCookie( $remember_cookie, $key, time() + $expiration_age, $cookie_path, $cookie_domain );

Or it may use the same settings like sfUser();

Also path/domainy may be necessary also when deleting cookies - in signout() few lines after.

Attachments

sfGuardSecurityUser.class.php.patch (1.9 kB) - added by adrive on 09/03/07 12:01:22.
Patch fixing this in sfGuardDoctrinePlugin

Change History

09/03/07 12:01:22 changed by adrive

  • attachment sfGuardSecurityUser.class.php.patch added.

Patch fixing this in sfGuardDoctrinePlugin

09/06/07 04:02:34 changed by Andrew.Headrick

Why can't we get this committed into the sfGuardDoctrinePlugin. This is such a simple fix and this ticket has been outstanding for quite a while. Instead of the patch if you just replace line 87 

 sfContext::getInstance()->getResponse()->setCookie( $remember_cookie, $key, time() + $expiration_age );

of sfGuardSecurityUser.class.php with 

sfContext::getInstance()->getResponse()->setCookie( $remember_cookie, $key, time() + $expiration_age, sfConfig::get('app_sf_guard_remember_cookie_path', '/'), sfConfig::get('app_sf_guard_remember_cookie_domain','') );

Then no old code will be broken and I can stop adding this one change to all the projects I create. I would be happy to commit myself but I don't have the permissions.

Thanks Andy