Different sites served from the same domain share the session cookie name

Created on 4 July 2018, almost 6 years ago

Updated 17 October 2023, 8 months ago

Problem/Motivation

Two different Drupal installations on the same domain share the same session cookie name. This can be tested by serving the different installations over different ports.
This leads to being logged out of both when trying to login into them and is probably generally not a good idea to share a session cookie name between different sites.

Proposed resolution

Adding the hash salt to the session name before hashing it would create unique names for different sites.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Needs work

Version

11.0 🔥

Component

User system →

Last updated about 20 hours ago

Maintained by
🇺🇸United States @moshe weitzman
🇧🇪Belgium @kristiaanvandeneynde

Created by

🇩🇪Germany daniel.bosen

Live updates comments and jobs are added and updated live.

DevDaysLisbon

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 8 months ago →
🇧🇪Belgium RandalV
Rerolled #35 against 10.1.x
Comment 8 months ago →
🇧🇪Belgium RandalV
Sorry, I forgot a closing ';'.
Comment 8 months ago →
🇧🇪Belgium RandalV
Sorry, I forgot a closing ';'.
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.2 & MySQL 8
last update 8 months ago
Custom Commands Failed

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024