XF 1.2 Migrate session cookies

[Chris H.]

We're undertaking some changes which are going to require us to have cookies be set at .example.com instead of www.example.com. That is, we are making the change to have our xf session cookie available to the subdomains.

Based on some testing in our staging environment, it does not appear that XF will rewrite cookies when the config['cookies'] block changes. So users that previously have a cookie set for www.example.com do not have their cookie updated to .example.com. Thus, the only way I've been able to get the session cookie on the subdomain is to logout and login again to start a new session with a new cookie being set.

Since this logout/login song and dance will be a bit of a nuisance, I'd like to find a way to automate this server-side. Any thoughts on what I might need to hook into in order to check for www.example.com session cookies and rewrite them to .example.com? Obviously the user will need to visit www.example.com first to get this rewrite to happen, but that won't be a problem in our case.

Thanks!

 

[Jake Bunce]

http://xenforo.com/community/threads/xenforos-handing-of-cookie-domains.15260/#post-200173

When dealing with two scopes that overlap I suggest changing the cookie prefix as well. That will invalidate all old cookies thereby avoiding such conflict.

 

[Chris H.]

Hi Jake, I do understand how to switch the cookie domain so that *new* cookies are generated as .example.com. However, it does not appear that existing cookies (think users that have "stay logged in" checked) are migrated from www.example.com to .example.com. So, like you mentioned, the only way within current functionality seems to be invalidating all existing cookies, which can be disruptive to the end user.

So, we're looking for a way to make the change without disrupting the user experience and forcing individuals to login again.