setting cookies on local network is weird in some browsers

[ikkez]

setting Sessions and Cookies are using the JAR F3 var.

$jar=array(
    'expire'=>0,
    'path'=>$base?:'/',
    'domain'=>'.'.$_SERVER['SERVER_NAME'],
    'secure'=>($scheme=='https'),
    'httponly'=>TRUE
);

if $_SERVER['SERVER_NAME'] returns an IP address, the response header contains Set-Cookie: domain=.192.168.0.5
and because of the leading dot =. the cookies is rejected by some browser.

i recommend to include a condition that check's that and only adds the . if it's really a host name, and not an address.

[stevewasiura]

another dejavu. i mentioned this back on the old forum. http://sourceforge.net/projects/fatfree/forums/forum/1041717/topic/5047622

i recommend getting rid of the leading dot and setup your domain's dns to redirect any requests for domain.com to www.domain.com, thereby insuring the cookie is set for the proper domain. i believe that redirect also helps with search engines indexing your website correctly.