SessionConfiguration::getCookieDomain

protected SessionConfiguration::getCookieDomain(Request $request)

Return the session cookie domain.

The Set-Cookie response header and its domain attribute are defined in RFC 2109, RFC 2965 and RFC 6265, each one superseding the previous version.

@returns string The session cookie domain.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

See also

http://tools.ietf.org/html/rfc2109

http://tools.ietf.org/html/rfc2965

http://tools.ietf.org/html/rfc6265

File

core/lib/Drupal/Core/Session/SessionConfiguration.php, line 121

Class

SessionConfiguration
Defines the default session configuration generator.

Namespace

Drupal\Core\Session

Code

protected function getCookieDomain(Request $request) {
  if (isset($this->options['cookie_domain'])) {
    $cookie_domain = $this->options['cookie_domain'];
  }
  else {
    $host = $request->getHost();
    // To maximize compatibility and normalize the behavior across user
    // agents, the cookie domain should start with a dot.
    $cookie_domain = '.' . $host;
  }

  // Cookies for domains without an embedded dot will be rejected by user
  // agents in order to defeat malicious websites attempting to set cookies
  // for top-level domains. Also IP addresses may not be used in the domain
  // attribute of a Set-Cookie header.
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    return $cookie_domain;
  }
}
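
The final check decides whether the session cookie carries a Domain attribute at all, and that determines which hosts receive it. The following is an added example, not Drupal core code: `cookie_domain_for()` and `cookie_sent_to()` are hypothetical helpers, the host names are constructed, and it assumes that a missing return value results in a cookie without a Domain attribute.

```php
<?php
// Added illustration, not Drupal core code. Helper names are hypothetical.

// Same check as getCookieDomain(): $host stands in for $request->getHost(),
// $configured for $this->options['cookie_domain'].
function cookie_domain_for(string $host, ?string $configured = NULL): ?string {
  $cookie_domain = $configured ?? '.' . $host;
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    return $cookie_domain;
  }
  // Assumption: no return value means no Domain attribute (host-only cookie).
  return NULL;
}

// RFC 6265: a leading dot in the Domain attribute is ignored (5.2.3) and the
// cookie is then sent to that domain and all of its subdomains (5.1.3).
// Without a Domain attribute only the host that set it gets it back (5.3).
function cookie_sent_to(?string $cookie_domain, string $set_by, string $request_host): bool {
  $request_host = strtolower($request_host);
  if ($cookie_domain === NULL) {
    return $request_host === strtolower($set_by);
  }
  $domain = strtolower($cookie_domain[0] === '.' ? substr($cookie_domain, 1) : $cookie_domain);
  $suffix = '.' . $domain;
  return $request_host === $domain || substr($request_host, -strlen($suffix)) === $suffix;
}

// Constructed cases: [host that sets the cookie, configured cookie_domain,
// another host whose requests we test].
$cases = [
  ['example.com', NULL, 'files.example.com'],
  ['www.example.com', NULL, 'example.com'],
  ['www.example.com', '.example.com', 'blog.example.com'],
  // No leading dot: only two parts after explode(), so the value is dropped.
  ['www.example.com', 'example.com', 'blog.example.com'],
  ['localhost', NULL, 'localhost'],
  ['192.0.2.10', NULL, '192.0.2.10'],
];

foreach ($cases as [$host, $configured, $other]) {
  $domain = cookie_domain_for($host, $configured);
  printf("%-16s option=%-15s domain=%-18s sent to %s: %s\n",
    $host, var_export($configured, TRUE), var_export($domain, TRUE),
    $other, cookie_sent_to($domain, $host, $other) ? 'yes' : 'no');
}
```

The first case shows that the default for a bare host scopes the session cookie to every subdomain of that host, and the fourth shows that a configured `cookie_domain` without a leading dot and with only one embedded dot fails the `count()` check.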
doc_Drupal
2016-10-29 09:41:59