Configurable cookie domain


(Michael - DiscourseHosting.com) #1

Continuing the discussion from Give me those authentication hooks! :smiley::

Something we came across in a different setting:

Is it possible (or would it be a good idea) to allow Discourse to set cookies to its domain, instead of only the hostname?

For instance, like a setting called cookie_domain, so if my hostname is forum.company.com, I could set this to company.com and access the cookies in my other application at foo.company.com.

Use cases:

  • SSO
  • when company.com and www.company.com both point to Discourse, the cookies are currently not shared.

(Amit Friedmann) #2

Bumping it up.
In my DNS configuration, I use both http://<domain> and http://www.<domain> to reach the instance, and the cookies are not shared (e.g. can be logged in in one and not in the other, or with another user in the other).

Thx.


(Tomasz Stachewicz) #3

Might be a better idea to decide on one and 301 redirect the other.


(Michael - DiscourseHosting.com) #4

That’s a bit of a different problem. The topic was more about SSO between applications :slight_smile:


(Amit Friedmann) #5

Yes, and according to your suggestion, the same solution :slight_smile:


(CJ) #6

Where does Discourse set the cookies? E.g. the _t global cookie?


(CJ) #7

Found it in lib/auth/default_current_user_provider.rb.
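
Added example (not part of the thread and not Discourse's own code): a small Ruby model of RFC 6265 cookie scoping. It shows which of the hostnames mentioned in this thread would receive a cookie such as `_t` when it is host-only versus when a `cookie_domain` of `company.com` is applied as proposed in the first post, and why the apex and `www` hosts in the second post do not share a login. `company.com.example.net` is a constructed host, and the browser's public-suffix check is not modeled.

```ruby
# Model of RFC 6265 storage (section 5.3) and domain matching (section 5.1.3).
Cookie = Struct.new(:name, :domain, :host_only)

# IP literals never domain-match a suffix; only identical strings match.
def ip_literal?(host)
  host.match?(/\A[\d.]+\z/) || host.include?(":")
end

def domain_match?(host, domain)
  host = host.downcase
  domain = domain.downcase.sub(/\A\./, "") # a leading dot is ignored
  return true if host == domain
  return false if ip_literal?(host)
  host.end_with?(".#{domain}")             # suffix must start at a label boundary
end

# What a browser stores for a Set-Cookie received from request_host.
# domain_attr nil/empty means no Domain attribute, i.e. a host-only cookie.
def store_cookie(name, request_host, domain_attr = nil)
  if domain_attr.nil? || domain_attr.empty?
    return Cookie.new(name, request_host.downcase, true)
  end
  d = domain_attr.downcase.sub(/\A\./, "")
  return nil unless domain_match?(request_host, d) # foreign domain: cookie ignored
  Cookie.new(name, d, false)
end

def sent_to?(cookie, host)
  return false if cookie.nil?
  cookie.host_only ? host.downcase == cookie.domain : domain_match?(host, cookie.domain)
end

# Hostnames from the thread, plus one constructed look-alike.
HOSTS = %w[forum.company.com foo.company.com www.company.com
           company.com company.com.example.net].freeze

def scope(cookie)
  HOSTS.select { |h| sent_to?(cookie, h) }
end

if __FILE__ == $PROGRAM_NAME
  host_only = store_cookie("_t", "forum.company.com")
  widened   = store_cookie("_t", "forum.company.com", "company.com")
  puts "host-only _t:              #{scope(host_only).join(', ')}"
  puts "cookie_domain=company.com: #{scope(widened).join(', ')}"
end
```

With the wider domain, every host under `company.com` receives the cookie, so each of those applications becomes part of the trust boundary for the session token.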