Magento 2 Cookie for specific domain without extra dotWhy this complex logic for cookie domain in session start?What's the correct cookie config for a Magento site split across multiple instances as subdomains?Dev/Staging/Live Cookie Domain For Non-www SitesHow can I set an explicit cookie domain and still loginHow to set cookies in Magento for WWW domainSet cookie path and cookie domain in Magento for multi storeUsers can' t login at https store because of double frontend cookieSubdomain CookieMagento 2, overriding cookie module, domain name is not set correctlyCan't login to staging servers without deleting cookies first. Magento 1.9
How do I make my photos have more impact?
If the Moon were impacted by a suitably sized meteor, how long would it take to impact the Earth?
Efficiently finding furthest two nodes in a graph
Antonym of "Megalomania"
When encrypting twice with two separate keys, can a single key decrypt both steps?
How to efficiently shred a lot of cabbage?
What language is Raven using for her attack in the new 52?
My employer is refusing to give me the pay that was advertised after an internal job move
Can living where Earth magnet ore is abundent provide any protection?
Should students have access to past exams or an exam bank?
Why did some Apollo missions carry a grenade launcher?
Complaints from (junior) developers against solution architects: how can we show the benefits of our work and improve relationships?
"DDoouubbllee ssppeeaakk!!"
Prepare a user to perform an action before proceeding to the next step
Is Ear Protection Necessary For General Aviation Airplanes?
How to choose using Collection<Id> rather than Collection<String>, or the opposite?
Why does the Rust compiler not optimize code assuming that two mutable references cannot alias?
On the sensitivity conjecture?
Should I put my name first, or last in the team members list
Using Python in a Bash Script
What are the closest international airports in different countries?
Would people understand me speaking German all over Europe?
Why does one get the wrong value when printing counters together?
Unique custom field - contact creation
Magento 2 Cookie for specific domain without extra dot
Why this complex logic for cookie domain in session start?What's the correct cookie config for a Magento site split across multiple instances as subdomains?Dev/Staging/Live Cookie Domain For Non-www SitesHow can I set an explicit cookie domain and still loginHow to set cookies in Magento for WWW domainSet cookie path and cookie domain in Magento for multi storeUsers can' t login at https store because of double frontend cookieSubdomain CookieMagento 2, overriding cookie module, domain name is not set correctlyCan't login to staging servers without deleting cookies first. Magento 1.9
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I am trying to set the cookie for the specific domain(as I have multiple websites and I don't want to share them) so for this, I changed the configuration as OOTB Magento provides this feature (Stores > Configuration > General > Web Default Cookie Settings > Cookie Domain) and I added my domain and set the Cookie Path / and saved the configuration, clear cache, cookies . On the frontend side, I can see all cookie set to the to my domain expect form_key which is adding extra .(dot)
So is this correct way or am I missing something to set the cookie for the specific domain? and another question is
Why Magento adding . (dot) to only form_key cookie?
magento2 cookie multidomain multi-website magento-2.2.5
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
add a comment |
I am trying to set the cookie for the specific domain(as I have multiple websites and I don't want to share them) so for this, I changed the configuration as OOTB Magento provides this feature (Stores > Configuration > General > Web Default Cookie Settings > Cookie Domain) and I added my domain and set the Cookie Path / and saved the configuration, clear cache, cookies . On the frontend side, I can see all cookie set to the to my domain expect form_key which is adding extra .(dot)
So is this correct way or am I missing something to set the cookie for the specific domain? and another question is
Why Magento adding . (dot) to only form_key cookie?
magento2 cookie multidomain multi-website magento-2.2.5
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
add a comment |
I am trying to set the cookie for the specific domain(as I have multiple websites and I don't want to share them) so for this, I changed the configuration as OOTB Magento provides this feature (Stores > Configuration > General > Web Default Cookie Settings > Cookie Domain) and I added my domain and set the Cookie Path / and saved the configuration, clear cache, cookies . On the frontend side, I can see all cookie set to the to my domain expect form_key which is adding extra .(dot)
So is this correct way or am I missing something to set the cookie for the specific domain? and another question is
Why Magento adding . (dot) to only form_key cookie?
magento2 cookie multidomain multi-website magento-2.2.5
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
I am trying to set the cookie for the specific domain(as I have multiple websites and I don't want to share them) so for this, I changed the configuration as OOTB Magento provides this feature (Stores > Configuration > General > Web Default Cookie Settings > Cookie Domain) and I added my domain and set the Cookie Path / and saved the configuration, clear cache, cookies . On the frontend side, I can see all cookie set to the to my domain expect form_key which is adding extra .(dot)
So is this correct way or am I missing something to set the cookie for the specific domain? and another question is
Why Magento adding . (dot) to only form_key cookie?
magento2 cookie multidomain multi-website magento-2.2.5
magento2 cookie multidomain multi-website magento-2.2.5
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
edited Jul 30 '18 at 15:49
Keyur Shah
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
asked Jul 30 '18 at 12:04
Keyur ShahKeyur Shah
13.9k2 gold badges44 silver badges67 bronze badges
13.9k2 gold badges44 silver badges67 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Before worrying about why it happens, you may want to consider whether it's actually a problem for you. It seems to be that having a leading dot shouldn't be affecting cookie behaviour in the browser.
The leading dot means that the cookie is valid for subdomains as well. RFC 6265 Section 4.1.2.3 defines this as so modern browsers should ignore leading dots if you're on the base domain.
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com. (Note that a leading %x2E ("."), if present,
is ignored even though that character is not permitted, but a
trailing %x2E ("."), if present, will cause the user agent to ignore
the attribute.)
EDIT:
I've done a little bit of testing and it looks as though Magento wasn't actually sending the cookie domain with a leading dot as the Set-Cookie header by default, so this points the issue towards being browser behavious and how it handles the Set-Cookie headers.
Chrome dev tools network inspector:
Chrome dev tools cookie list:
I suspect that the cookies you seen without the leading dot are from cookies assigned by JS functions, rather than a Set-Cookie header.
EDIT 2:
As you mentioned in the comments below, the JS function PHP function for the cookie JS here does look like it adds the leading dot to the domain when the form_key is instantiated here, though any further communications with that form_key have the leading dot stripped in the headers too.
This could be a core bug, or it could be a configuration issue (I'm more inclined to think the former of the two)
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expectform_keyandPHPSESSIDcookie which addes leading dot that's why I am confused. might be you have some idea on this :)
– Keyur Shah
Jul 31 '18 at 11:41
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned withdomain=magento23.devin the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg
– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
|
show 6 more comments
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f236478%2fmagento-2-cookie-for-specific-domain-without-extra-dot%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Before worrying about why it happens, you may want to consider whether it's actually a problem for you. It seems to be that having a leading dot shouldn't be affecting cookie behaviour in the browser.
The leading dot means that the cookie is valid for subdomains as well. RFC 6265 Section 4.1.2.3 defines this as so modern browsers should ignore leading dots if you're on the base domain.
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com. (Note that a leading %x2E ("."), if present,
is ignored even though that character is not permitted, but a
trailing %x2E ("."), if present, will cause the user agent to ignore
the attribute.)
EDIT:
I've done a little bit of testing and it looks as though Magento wasn't actually sending the cookie domain with a leading dot as the Set-Cookie header by default, so this points the issue towards being browser behavious and how it handles the Set-Cookie headers.
Chrome dev tools network inspector:
Chrome dev tools cookie list:
I suspect that the cookies you seen without the leading dot are from cookies assigned by JS functions, rather than a Set-Cookie header.
EDIT 2:
As you mentioned in the comments below, the JS function PHP function for the cookie JS here does look like it adds the leading dot to the domain when the form_key is instantiated here, though any further communications with that form_key have the leading dot stripped in the headers too.
This could be a core bug, or it could be a configuration issue (I'm more inclined to think the former of the two)
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expectform_keyandPHPSESSIDcookie which addes leading dot that's why I am confused. might be you have some idea on this :)
– Keyur Shah
Jul 31 '18 at 11:41
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned withdomain=magento23.devin the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg
– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
|
show 6 more comments
Before worrying about why it happens, you may want to consider whether it's actually a problem for you. It seems to be that having a leading dot shouldn't be affecting cookie behaviour in the browser.
The leading dot means that the cookie is valid for subdomains as well. RFC 6265 Section 4.1.2.3 defines this as so modern browsers should ignore leading dots if you're on the base domain.
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com. (Note that a leading %x2E ("."), if present,
is ignored even though that character is not permitted, but a
trailing %x2E ("."), if present, will cause the user agent to ignore
the attribute.)
EDIT:
I've done a little bit of testing and it looks as though Magento wasn't actually sending the cookie domain with a leading dot as the Set-Cookie header by default, so this points the issue towards being browser behavious and how it handles the Set-Cookie headers.
Chrome dev tools network inspector:
Chrome dev tools cookie list:
I suspect that the cookies you seen without the leading dot are from cookies assigned by JS functions, rather than a Set-Cookie header.
EDIT 2:
As you mentioned in the comments below, the JS function PHP function for the cookie JS here does look like it adds the leading dot to the domain when the form_key is instantiated here, though any further communications with that form_key have the leading dot stripped in the headers too.
This could be a core bug, or it could be a configuration issue (I'm more inclined to think the former of the two)
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expectform_keyandPHPSESSIDcookie which addes leading dot that's why I am confused. might be you have some idea on this :)
– Keyur Shah
Jul 31 '18 at 11:41
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned withdomain=magento23.devin the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg
– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
|
show 6 more comments
Before worrying about why it happens, you may want to consider whether it's actually a problem for you. It seems to be that having a leading dot shouldn't be affecting cookie behaviour in the browser.
The leading dot means that the cookie is valid for subdomains as well. RFC 6265 Section 4.1.2.3 defines this as so modern browsers should ignore leading dots if you're on the base domain.
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com. (Note that a leading %x2E ("."), if present,
is ignored even though that character is not permitted, but a
trailing %x2E ("."), if present, will cause the user agent to ignore
the attribute.)
EDIT:
I've done a little bit of testing and it looks as though Magento wasn't actually sending the cookie domain with a leading dot as the Set-Cookie header by default, so this points the issue towards being browser behavious and how it handles the Set-Cookie headers.
Chrome dev tools network inspector:
Chrome dev tools cookie list:
I suspect that the cookies you seen without the leading dot are from cookies assigned by JS functions, rather than a Set-Cookie header.
EDIT 2:
As you mentioned in the comments below, the JS function PHP function for the cookie JS here does look like it adds the leading dot to the domain when the form_key is instantiated here, though any further communications with that form_key have the leading dot stripped in the headers too.
This could be a core bug, or it could be a configuration issue (I'm more inclined to think the former of the two)
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
Before worrying about why it happens, you may want to consider whether it's actually a problem for you. It seems to be that having a leading dot shouldn't be affecting cookie behaviour in the browser.
The leading dot means that the cookie is valid for subdomains as well. RFC 6265 Section 4.1.2.3 defines this as so modern browsers should ignore leading dots if you're on the base domain.
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com. (Note that a leading %x2E ("."), if present,
is ignored even though that character is not permitted, but a
trailing %x2E ("."), if present, will cause the user agent to ignore
the attribute.)
EDIT:
I've done a little bit of testing and it looks as though Magento wasn't actually sending the cookie domain with a leading dot as the Set-Cookie header by default, so this points the issue towards being browser behavious and how it handles the Set-Cookie headers.
Chrome dev tools network inspector:
Chrome dev tools cookie list:
I suspect that the cookies you seen without the leading dot are from cookies assigned by JS functions, rather than a Set-Cookie header.
EDIT 2:
As you mentioned in the comments below, the JS function PHP function for the cookie JS here does look like it adds the leading dot to the domain when the form_key is instantiated here, though any further communications with that form_key have the leading dot stripped in the headers too.
This could be a core bug, or it could be a configuration issue (I'm more inclined to think the former of the two)
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
edited Aug 1 '18 at 11:11
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
answered Jul 31 '18 at 1:12
Rhys - SproutDeskRhys - SproutDesk
1217 bronze badges
1217 bronze badges
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expectform_keyandPHPSESSIDcookie which addes leading dot that's why I am confused. might be you have some idea on this :)
– Keyur Shah
Jul 31 '18 at 11:41
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned withdomain=magento23.devin the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg
– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
|
show 6 more comments
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expectform_keyandPHPSESSIDcookie which addes leading dot that's why I am confused. might be you have some idea on this :)
– Keyur Shah
Jul 31 '18 at 11:41
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned withdomain=magento23.devin the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg
– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
1
1
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
Thanks for the answer :) +1 for info. What if I don't want to share cookie for a subdomain? Is there anyway?
– Keyur Shah
Jul 31 '18 at 6:17
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
@KeyurShah judging from the wording of the RFC I'd say it seems to try explain that any cookie assigned to the primary domain can be shared with a subdomain, by default.
– Rhys - SproutDesk
Jul 31 '18 at 10:11
1
1
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expect
form_key and PHPSESSID cookie which addes leading dot that's why I am confused. might be you have some idea on this :)– Keyur Shah
Jul 31 '18 at 11:41
Thanks a lot for more info @Rhys, yes, I have multistore with a number of subdomains so to achieve this I changed the cookie domain (from the configuration as I mentioned in the question) and it works expect
form_key and PHPSESSID cookie which addes leading dot that's why I am confused. might be you have some idea on this :)– Keyur Shah
Jul 31 '18 at 11:41
2
2
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned with
domain=magento23.dev in the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg– Rhys - SproutDesk
Jul 31 '18 at 18:16
I think I might have cracked it... I don't think Magento actually is sending the domain with a leading dot for the cookie. I believe it's the browser itself adding this. I turned off JavaScript in my browser and reloaded a blank Magento 2.3 with the cookie domain set up in the admin area and the headers returned with
domain=magento23.dev in the Set-Cookie header for the HTML response. I believe the ones without the leading dots are being assigned to the browser by JS functions, so not susceptible to the same browser behaviour as when it comes via a header. snag.gy/JUT5qa.jpg– Rhys - SproutDesk
Jul 31 '18 at 18:16
1
1
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
Hi, added a little more finding above. I'd say this could be a core bug that you're finding in your situation so maybe you should open a GitHub issue on this...
– Rhys - SproutDesk
Aug 1 '18 at 11:16
|
show 6 more comments
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f236478%2fmagento-2-cookie-for-specific-domain-without-extra-dot%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
