Set the domain attribute to secure cookies for the 'remember me' option #3374

@watchix

I'm searching for where the 'Cacti' cookie is created (this name seems to be the PHP session_name()) in order to modify the domain of this cookie.

Actually the domain of this cookie is "cacti.my-domain.org" and I would like to change it to "my-domain.com" to use this cookie in an extranet to display some graphs.

It seems that this cookie is created by a PHP file, because when I disable JavaScript in Chrome or Firefox this cookie appears on https://cacti.my-domain.com/index.php

I tried to edit these files, in vain:
root@xxxxxxx:/usr/share/cacti/site# grep -e "setcookie" * -R
auth_changepassword.php: setcookie($cacti_session_name, null, -1, $config['url_path']);
auth_login.php: setcookie(session_name(), '', time() - 3600, $config['url_path']);
include/auth.php://setcookie(session_name(), '', 0, $config['url_path'], "wiconect.fr", 1);
include/csrf/csrf-magic.php: setcookie($GLOBALS['csrf']['cookie'], $val, time() + 3600, $config['url_path']);
install/index.php: setcookie(session_name(),'',time() - 3600, $config['url_path']);
lib/auth.php: setcookie('cacti_remembers', '', time() - 3600, $config['url_path']);
lib/auth.php: setcookie('cacti_remembers', $user['username'] . ',' . $nssecret, time()+(86400*30), $config['url_path']);
logout.php:setcookie(session_name(), '', time() - 3600, $config['url_path']);
root@xxxxxxx:/usr/share/cacti/site#

Cacti version : 1.1.28

Here are some screenshots from my first forum request:
https://forums.cacti.net/viewtopic.php?f=21&t=60757&sid=95f817d6424554f49b225bef3d21ff46
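
Added example (not part of the original issue and not Cacti's code): in PHP the session cookie is emitted by session_start(), not by setcookie(), so its Domain attribute comes from session_set_cookie_params() or the session.cookie_* ini settings. The helper name cookie_domain_for, the path '/' and the cookie value are assumptions; the host names are the post's placeholders.

```php
<?php
// Added example, not Cacti code. Host names are the placeholders from the post.

// Assumption: the parent domain shared by the Cacti host and the extranet.
const COOKIE_DOMAIN = 'my-domain.com';

/**
 * Return the Domain attribute to use for $host, or '' (host-only cookie)
 * when $host is not inside $parent, so the scope is never widened for a
 * host outside the intended domain.
 */
function cookie_domain_for(string $host, string $parent): string
{
    $host   = strtolower(rtrim($host, '.'));
    $parent = strtolower(ltrim($parent, '.'));
    if ($host === $parent) {
        return $parent;
    }
    $suffix = '.' . $parent;
    // Require a label boundary: "evilmy-domain.com" must not match.
    if (substr($host, -strlen($suffix)) === $suffix) {
        return $parent;
    }
    return '';
}

$domain = cookie_domain_for('cacti.my-domain.com', COOKIE_DOMAIN);
$path   = '/'; // assumption; the grep output above uses $config['url_path']

// Session cookie: set the parameters BEFORE session_start().
// Arguments: lifetime, path, domain, secure, httponly.
session_name('Cacti');
session_set_cookie_params(0, $path, $domain, true, true);
session_start();

// 'Remember me' cookie: same domain, Secure and HttpOnly passed explicitly.
$value = 'constructed-sample-value'; // placeholder, not a real token
setcookie('cacti_remembers', $value, time() + (86400 * 30), $path, $domain, true, true);

print_r(session_get_cookie_params());
```

A cookie with Domain=my-domain.com is sent to every host under my-domain.com, so each of those hosts has to be trusted with the session identifier; leaving the domain empty keeps the cookie host-only.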

Labels: SECURITY (A security issue reported through CVE), bug (Undesired behaviour), resolved (A fixed issue)