Having a weird issue with CakePHP's auth component. The URLs www.example.com and example.com are using different cookies for handling authentication. How can I make both URLs use the same cookie? I know this is a very vague question but I'm not really sure what code I should be posting.
2 Answers
By not allowing both domains at the same time - while displaying the same content. Failure by design. Only allow one of the two, usually the www. one. The other should 301 redirect to that one.
There are tons of scripts on the internet and here on SO on how to htaccess redirect. E.g.: http://www.stepforth.com/resources/web-marketing-knowledgebase/non-www-redirect/#.U9b1fvnMnIY

I think my answer for a similar question will work for what you're asking:
CakePHP keep session from main domain across to a subdomain
Sessions:
According to this page, to make the session cookie valid for all your subdomains and the top level domain, you actually need to set it yourself in your APP/config/bootstrap.php file:

    ini_set('session.cookie_domain', '.domain.com');

Then, in your APP/config/core.php file, set Security to low:

    Configure::write('Security.level', 'low');

"otherwise the referer_check will be set to the current HTTP_HOST in the CakeSession object line 441."
Cookies:
On this page it explains that you can use the 'domain' variable:
The domain name allowed to access the cookie. e.g. Use ‘.yourdomain.com’ to allow access from all your subdomains.
Per their example code:
    <?php
    // The class wrapper is added so the snippet parses; the class name is hypothetical.
    class BakersController extends AppController {
        public $components = array('Cookie');

        public function beforeFilter() {
            parent::beforeFilter();
            $this->Cookie->name = 'baker_id';
            $this->Cookie->time = 3600; // or '1 hour'
            $this->Cookie->path = '/bakers/preferences/';
            $this->Cookie->domain = 'example.com';
            $this->Cookie->secure = true; // i.e. only sent if using secure HTTPS
            $this->Cookie->key = 'qSI232qs*&sXOw!';
            $this->Cookie->httpOnly = true;
        }
    }
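
Why the two hostnames end up with separate cookies, and what the `session.cookie_domain` and `domain` settings above change, as an added example (not code from either answer or from CakePHP): a simplified JavaScript model of RFC 6265 cookie scoping. The hostnames, the cookie name `sid` and its value are constructed, and the public-suffix checks real browsers apply are left out.

```javascript
// Added example: simplified RFC 6265 cookie scoping (host-only vs. Domain attribute).
// All hostnames and cookie values below are constructed for illustration.

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
// identical, or when the host ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// Model how a browser stores a cookie received from requestHost.
// Returns null when the browser would reject the cookie.
function storeCookie(requestHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: the cookie is host-only, bound to the exact host.
    return { name, value, domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  // A host may only set a cookie for itself or one of its parent domains.
  if (!domainMatches(requestHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Decide whether the stored cookie is attached to a request for host.
function isSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

const hosts = ['example.com', 'www.example.com', 'blog.example.com', 'example.org'];
// Default behaviour described in the question: login on www sets a host-only cookie.
const hostOnly = storeCookie('www.example.com', 'sid', 'abc');
// Behaviour after setting the cookie domain to '.example.com'.
const wide = storeCookie('www.example.com', 'sid', 'abc', '.example.com');

console.log('host-only cookie is sent to:', recipients(hostOnly, hosts));
console.log('Domain=.example.com cookie is sent to:', recipients(wide, hosts));
```

The second result includes `blog.example.com`: a domain-wide session cookie is readable by every subdomain, which is the trade-off against the single-host redirect in the first answer.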