Page 1 of 1

Wrong cookie domain when site runing on non default port

PostPosted: Thu Mar 06, 2014 3:49 pm
by vvetma
Hello,
we are running internal blog site in non-default port (8082 to be exact) and I had issues with administration site. After successful login, each action afterwords resulted in redirection to login page.

PivotX version: 2.3.9
Database type: MySQL

By searching for cause of the problem, i discovered that during initialization of PHP session invalid COOKIE DOMAIN was set.
Source file: objects.php
PHP class: Session
Approximate line number: 2045

In the constructor of Session class, predefined PHP variable $_SERVER["HTTP_HOST"] is used to determine valid cookie domain.
That value also contains a port number appended to the host name. (example: pivotx.pinecone.int:8082).

As far as I know at least Google Chrome and Firefox will discard such a cookie witch results in inability to identify session in any future HTTP request.
As a result, PivotX thinks I'm not logged in ($_SESSION["user"] variable is empty).

Re: Wrong cookie domain when site runing on non default port

PostPosted: Thu Mar 06, 2014 5:55 pm
by hansfn
You are absolutely right. Thank you for the report. Fixed in revision 4355.