Description
| Q | A |
|---|---|
| Bug? | yes |
| New Feature? | no |
| Version | 1.4.1 |
Actual Behavior
Cookie coming from the same domain but different subdomain is ignored.
Expected Behavior
The cookie for subdomain should be caught and saved to cookie jar (unless current behavior is what you have initially planned).
Or, at least we should provide a way for developer to choose if he wants to restrict cookies to single domain.
Steps to Reproduce
Imagine that initial request is made to www.example.com which tries to set cookie for all subdomains:
.example.com
Lines 71-74 will ignore that cookie, since strpos('.example.com', 'www.example.com') will return false:
// Restrict setting cookie from another domain
if (false === strpos($cookie->getDomain(), $request->getUri()->getHost())) {
continue;
}Possible Solutions
A quick and dirty solution would be to simply switch the arguments inside strpos(), like this:
// Restrict setting cookie from another domain
if (false === strpos($request->getUri()->getHost(), $cookie->getDomain())) {
continue;
}I can make a pull request with that change if you find it appropriate.
However, as I have said earlier, it would be better to let the developer decide whether to accept different domain cookies or not.