function SessionConfiguration::getCookieDomain
Return the session cookie domain.
The Set-Cookie response header and its domain attribute are defined in RFC 2109, RFC 2965 and RFC 6265 each one superseding the previous version.
@returns string|null The session cookie domain, or NULL if the calculated value is invalid.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
See also
http://tools.ietf.org/html/rfc2109
http://tools.ietf.org/html/rfc2965
http://tools.ietf.org/html/rfc6265
1 call to SessionConfiguration::getCookieDomain()
- SessionConfiguration::getOptions in core/
lib/ Drupal/ Core/ Session/ SessionConfiguration.php - Returns a list of options suitable for passing to the session storage.
File
-
core/
lib/ Drupal/ Core/ Session/ SessionConfiguration.php, line 124
Class
- SessionConfiguration
- Defines the default session configuration generator.
Namespace
Drupal\Core\SessionCode
protected function getCookieDomain(Request $request) {
if (isset($this->options['cookie_domain'])) {
$cookie_domain = $this->options['cookie_domain'];
}
else {
$host = $request->getHost();
// To maximize compatibility and normalize the behavior across user
// agents, the cookie domain should start with a dot.
$cookie_domain = '.' . $host;
}
// Cookies for domains without an embedded dot will be rejected by user
// agents in order to defeat malicious websites attempting to set cookies
// for top-level domains. Also IP addresses may not be used in the domain
// attribute of a Set-Cookie header. IPv6 addresses will not pass the first
// test, so it's acceptable to bias the second test to IPv4.
if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
return $cookie_domain;
}
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.