Invalid cookie domain when using non-standard HTTP Port #9898
Labels: Area: Environment; Status: Fix Proposed
Issue
When SuiteCRM is deployed with a non-standard HTTP port (example: http://suitecrm.example.com:8080), the application sets cookies with a cookie domain that includes the port (e.g. suitecrm.example.com:8080). This is rejected by the browser (tested with Firefox).
Expected Behavior
The HTTP port is not part of the cookie domain.
Actual Behavior
The cookie is rejected because the cookie domain contains the port. Example response header:
Possible Fix
In SugarApplication::setCookie, after retrieving the domain from $_SERVER["HTTP_HOST"], split the value into domain name and port, and use only the domain name for the cookie:
Steps to Reproduce
Note that the browser probably also emits a warning in the console. Firefox says:
Your Environment
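The split described under Possible Fix, as an added example that is not part of the original issue or SuiteCRM's own code. The helper name cookieDomainFromHost is hypothetical, and returning an empty string (so the caller omits the Domain attribute and the cookie becomes host-only) for IP literals and malformed values is an assumption of this example. It also validates the value, since the Host header is supplied by the client.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not SuiteCRM code): derive a value usable as the
 * cookie Domain attribute from a Host header value. Returns '' when no safe
 * domain can be derived, so the caller omits Domain (host-only cookie).
 */
function cookieDomainFromHost(string $httpHost): string
{
    $host = strtolower(trim($httpHost));

    // Empty value or bracketed IPv6 literal such as "[::1]:8080": no Domain.
    if ($host === '' || $host[0] === '[') {
        return '';
    }

    // Drop a trailing ":port" if present; the port must be numeric.
    $colon = strrpos($host, ':');
    if ($colon !== false) {
        $port = substr($host, $colon + 1);
        if ($port === '' || !ctype_digit($port)) {
            return ''; // malformed Host header
        }
        $host = substr($host, 0, $colon);
    }

    // HTTP_HOST is client-supplied: accept only hostname characters.
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return '';
    }

    // IPv4 literal: leave Domain unset (assumption of this example).
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return '';
    }

    return $host;
}

// Constructed sample Host header values.
$samples = ['suitecrm.example.com:8080', 'suitecrm.example.com', '[::1]:8080', 'bad host:80'];
foreach ($samples as $sample) {
    printf("%-28s => '%s'\n", $sample, cookieDomainFromHost($sample));
}
```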