Skip to content

Commit

Permalink
Update to Drupal 7.84. For more information, see https://www.drupal.o…
Browse files Browse the repository at this point in the history
  • Loading branch information
Pantheon Automation authored and CdrMarks committed Dec 13, 2021
1 parent 79b735d commit d5e2356
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
Drupal 7.84, 2021-12-13
-----------------------
- Hotfix for session cookie domain on www subdomains

Drupal 7.83, 2021-12-01
-----------------------
- Initial support for PHP 8.1
Expand Down
12 changes: 11 additions & 1 deletion includes/bootstrap.inc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.83');
define('VERSION', '7.84');

/**
* Core API compatibility.
Expand Down Expand Up @@ -834,6 +834,16 @@ function drupal_settings_initialize() {
if (!empty($_SERVER['HTTP_HOST'])) {
$cookie_domain = _drupal_get_cookie_domain($_SERVER['HTTP_HOST']);
}

// Drupal 7.83 included a security improvement whereby www. is no longer
// stripped from the cookie domain. However, this can cause problems with
// existing session cookies whereby some users are left unable to login. In
// order to avoid that, use the cookie domain (including leading dot) as the
// session name when a www. subdomain is in use.
// @see https://www.drupal.org/project/drupal/issues/2522002
if (strpos($session_name, 'www.') === 0) {
$session_name = $cookie_domain;
}
}
// Per RFC 2109, cookie domains must contain at least one dot other than the
// first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
Expand Down

0 comments on commit d5e2356

Please sign in to comment.