scheb · scheb · Jul 26, 2016 · Jul 26, 2016
diff --git a/Security/TwoFactor/Trusted/TrustedCookieManager.php b/Security/TwoFactor/Trusted/TrustedCookieManager.php
@@ -101,8 +101,14 @@ public function createTrustedCookie(Request $request, $user)
         // Add token to user entity
         $this->trustedComputerManager->addTrustedComputer($user, $token, $validUntil);
 
+        $domain = null;
+        $requestHost = $request->getHost();
+        if ($requestHost !== 'localhost') {
+            $domain = '.' . $requestHost;
+        }
+
         // Create cookie
-        return new Cookie($this->cookieName, $tokenList, $validUntil, '/', '.' . $request->getHost(), $this->cookieSecure);
+        return new Cookie($this->cookieName, $tokenList, $validUntil, '/', $domain, $this->cookieSecure);
     }
 
     /**

diff --git a/Tests/Security/TwoFactor/Trusted/TrustedCookieManagerTest.php b/Tests/Security/TwoFactor/Trusted/TrustedCookieManagerTest.php
@@ -5,6 +5,7 @@
 use Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedCookieManager;
 use Symfony\Component\HttpFoundation\Cookie;
 use Scheb\TwoFactorBundle\Tests\TestCase;
+use Symfony\Component\HttpFoundation\Request;
 
 class TrustedCookieManagerTest extends TestCase
 {
@@ -186,6 +187,19 @@ public function createTrustedCookie_newTrustedToken_persistUserEntity()
 
         $this->cookieManager->createTrustedCookie($request, $user);
     }
+
+    /**
+     * @test
+     */
+    public function createTrustedCookie_localhostSkippedInCookie()
+    {
+        $request = Request::create('');
+        $user = $this->createMock('Scheb\TwoFactorBundle\Model\TrustedComputerInterface');
+
+        $cookie = $this->cookieManager->createTrustedCookie($request, $user);
+
+        $this->assertNull($cookie->getDomain());
+    }
 }
 
 /**