Configurable cookie domain

(Michael - #1

Continuing the discussion from Give me those authentication hooks! :smiley::

Something we came across in a different setting:

Is it possible (or would it be a good idea) to allow Discourse to set cookies to its domain, instead of only the hostname?

For instance like a setting called cookie_domain so if my hostname is I could set this to and access the cookies in my other application at

Use cases:

  • SSO
  • when and both point to Discourse, the cookies are currently not shared.

(Amit Friedmann) #2

Bumping it up.
In my DNS configuration, I use both http://<domain> and http://www.<domain> to reach the instance, and the cookies are not shared (e.g. can be logged in in one and not in the other, or with another user in the other).


(Tomasz Stachewicz) #3

Might be a better idea to decide on one and 301 redirect the other.

(Michael - #4

That’s a bit of a different problem. The topic was more about SSO between applications :slight_smile:

(Amit Friedmann) #5

Yes, and according to your suggestion, the same solution :slight_smile:

(CJ) #6

Where does Discourse set the cookies? E.g. the _t global cookie?

(CJ) #7

Found it in lib/auth/default_current_user_provider.rb
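
The cookie scoping this thread is about, as an added example that is not part of the original posts and is not Discourse code: a plain-Ruby model of the RFC 6265 storage and domain-matching rules, showing why a cookie set without a Domain attribute stays on one hostname while one set with a parent domain is sent to every subdomain, which is the exposure to weigh before sharing a session cookie such as _t. The example.com hostnames are constructed, and public-suffix and IP-address checks that real browsers perform are left out.

```ruby
# Added example: RFC 6265 cookie scoping, modelled in plain Ruby.
# Hostnames are constructed; nothing here is taken from Discourse.
# Simplification: no public-suffix or IP-address handling.

Cookie = Struct.new(:name, :domain, :host_only)

# RFC 6265 section 5.1.3: identical, or host ends with "." + domain.
def domain_match?(host, domain)
  host == domain || host.end_with?(".#{domain}")
end

# RFC 6265 section 5.3: with no Domain attribute the cookie is host-only and
# bound to the exact request host; with one, it is stored for that domain.
def store_cookie(name, request_host, domain_attr = nil)
  host = request_host.downcase
  return Cookie.new(name, host, true) if domain_attr.nil? || domain_attr.empty?

  domain = domain_attr.downcase.sub(/\A\./, "") # a leading dot is ignored
  # A server may only set a cookie for its own host or a parent domain;
  # anything else is rejected by the browser.
  return nil unless domain_match?(host, domain)

  Cookie.new(name, domain, false)
end

# Would the browser attach this cookie to a request for +host+?
def sent_to?(cookie, host)
  host = host.downcase
  cookie.host_only ? host == cookie.domain : domain_match?(host, cookie.domain)
end

# Map each host to whether it would receive the cookie.
def scope_report(cookie, hosts)
  hosts.to_h { |h| [h, sent_to?(cookie, h)] }
end

HOSTS = %w[example.com www.example.com forum.example.com app.example.com].freeze

if __FILE__ == $PROGRAM_NAME
  host_only = store_cookie("_t", "forum.example.com")
  shared    = store_cookie("_t", "forum.example.com", "example.com")
  puts "host-only: #{scope_report(host_only, HOSTS)}"
  puts "domain:    #{scope_report(shared, HOSTS)}"
end
```
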