setting session.cookie.domain to multiple domains


Steve Briggs

Sep 4, 2016, 1:46:23 PM
to SimpleSAMLphp
In config.php there is a setting 'session.cookie.domain' and in the comments it says this can be used to make the session cookie available to several domains. However, there is no example of how to do this, whether using an array or otherwise. Does anyone have an example of how this can be set and used for multiple domains? Does this mean that SimpleSAMLphp session cookies can be read across multiple domains (SP's) and used to check authentication status? If not, what would it be used for and how?

Thanks!

 -- Steve

    /*
     * Cookie domain.
     *
     * Can be used to make the session cookie available to several domains.
     *
     * Example:
     *  'session.cookie.domain' => '.example.org',
     */
    'session.cookie.domain' => null,

Jaime Perez Crespo

Sep 5, 2016, 3:58:32 AM
to simple...@googlegroups.com
Hi Steve,

On 04 Sep 2016, at 19:46 PM, Steve Briggs <st...@wowpages.com> wrote:
> In config.php there is a setting 'session.cookie.domain' and in the comments it says this can be used to make the session cookie available to several domains. However, there is no example of how to do this, whether using an array or otherwise. Does anyone have an example of how this can be set and used for multiple domains? Does this mean that SimpleSAMLphp session cookies can be read across multiple domains (SP's) and used to check authentication status? If not, what would it be used for and how?

The example is already telling you how. Just place a dot in front of the domain, as described in RFC 2109. The cookie will then be available for the top domain as well as for all subdomains. Of course, that doesn’t mean you will be able to access the session from subdomains, unless they have access to the same session storage. The session cookie does not have any information at all by itself.

In any case, that’s not what you should do to check for authentication status of a user across domains. That’s what SAML was invented for, so just use it.

--
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
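To make the two points of the answer concrete, here is an added example (constructed for this thread, not SimpleSAMLphp code): a small model of the RFC 6265 domain-matching rule a browser applies to a cookie scoped by `session.cookie.domain`, plus a check showing that receiving the cookie on a host is useless unless that host reads the same session store. Host names, session ids and the `stores` mapping are assumptions made up for the demonstration.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed example, not SimpleSAMLphp code. It models how a browser decides
# whether a cookie scoped by 'session.cookie.domain' is sent to a host, and
# why sharing the cookie is not the same as sharing the session.


def normalize_cookie_domain(value: str) -> str:
    """The leading dot in the RFC 2109-style example ('.example.org') is
    ignored by RFC 6265 user agents, so strip it before matching."""
    return value.strip().lower().lstrip(".")


def cookie_sent_to(cookie_domain: str, host: str) -> bool:
    """RFC 6265 domain matching: the request host must equal the cookie
    domain or be a subdomain of it (host ends with '.' + domain).
    IP literals never domain-match, and an empty domain matches nothing."""
    host = host.strip().lower().rstrip(".")
    domain = normalize_cookie_domain(cookie_domain)
    if not domain:
        return False
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # e.g. 192.0.2.10: no suffix matching for IP hosts
    except ValueError:
        pass
    return host.endswith("." + domain)


def hosts_receiving_cookie(cookie_domain: str, hosts: List[str]) -> List[str]:
    """Which of the given hosts will the browser present the cookie to?"""
    return [h for h in hosts if cookie_sent_to(cookie_domain, h)]


def session_usable_on(cookie_domain: str, host: str, session_id: str,
                      stores: Dict[str, Dict[str, dict]]) -> Optional[dict]:
    """The cookie only carries an opaque session id. A host can use it only
    if (a) the browser sends the cookie there and (b) the session store that
    host reads actually holds that id. `stores` maps host -> {id: session}."""
    if not cookie_sent_to(cookie_domain, host):
        return None
    return stores.get(host, {}).get(session_id)
```

Running `hosts_receiving_cookie(".example.org", [...])` shows the top domain and every subdomain receive the cookie while `example.com` and `notexample.org` do not; `session_usable_on` returns `None` for a subdomain whose store lacks the id even though the cookie reached it.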
