protected SessionConfiguration::getCookieDomain(Request $request)
Return the session cookie domain.
The Set-Cookie response header and its domain attribute are defined in RFC 2109, RFC 2965 and RFC 6265 each one superseeding the previous version.
@returns string The session cookie domain.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
See also
http://tools.ietf.org/html/rfc2109
http://tools.ietf.org/html/rfc2965
http://tools.ietf.org/html/rfc6265
File
- core/lib/Drupal/Core/Session/SessionConfiguration.php, line 121
Class
- SessionConfiguration
- Defines the default session configuration generator.
Namespace
Drupal\Core\Session
Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | protected function getCookieDomain(Request $request) { if (isset($this->options['cookie_domain'])) { $cookie_domain = $this->options['cookie_domain']; } else { $host = $request->getHost(); // To maximize compatibility and normalize the behavior across user // agents, the cookie domain should start with a dot. $cookie_domain = '.' . $host; } // Cookies for domains without an embedded dot will be rejected by user // agents in order to defeat malicious websites attempting to set cookies // for top-level domains. Also IP addresses may not be used in the domain // attribute of a Set-Cookie header. if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) { return $cookie_domain; }} |
Please login to continue.