In the way the cookie implementation is built in Yii right now, it doesn’t allow you to set the cookie params globally.
For example, I have a www.mydomain.com where I show my site, and a forum.mydomain.com where I show my forum.
In order to make the login stick for both sub-domains and to be able to use the autologin feature, I had to add extra settings in two distinct places:
```php
'user' => array(
    'class' => 'application.components.MyCWebUser',
    'allowAutoLogin' => true,
    'loginUrl' => array('site/login'),
    'identityCookie' => array('domain' => '.mydomain.com'),
),
'session' => array(
    'class' => 'application.components.MyCDbHttpSession',
    'connectionID' => 'db',
    'sessionTableName' => 'cms_session',
    'autoCreateSessionTable' => false,
    'timeout' => 3600,
    'sessionName' => 'PHPSESSID',
    'cookieParams' => array('domain' => '.mydomain.com'),
),
```
Now, as you see, I had to do it for the user component and for the session component.
The issue goes further: because the forum is just a module of my site, but mapped as a sub-domain, when I do certain actions which need to be sent to www.mydomain.com, the CSRF validation fails, because the token is not set for www. but for forum., so in order to make this work, another component needs extra settings:
```php
'request' => array(
    'class' => 'MyCHttpRequest',
    'csrfTokenName' => 'csrf_token',
    'enableCsrfValidation' => true,
    'enableCookieValidation' => true,
    'csrfCookie' => array('domain' => '.mydomain.com'),
),
```
Okay, so I already have 3 places from which I achieve the same thing, which is pretty ugly.
Wouldn’t it be wiser to treat CHttpCookie as a component and, on initialization, have the class params inherited by every other class that needs cookie access? This way, we would set the options in a single place, which is easier to manage. Of course, this could be created in a way that allows the developer to override the default settings when he sets a cookie manually.
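
Until the framework offers a single setting, the three blocks above can share one definition inside the config file itself. The following is an added example, not part of the original post and not Yii's own code: the `$cookieScope` variable, the `path` and `secure` values, and the `httpOnly`/`httponly` flags are assumptions; the component classes and the `.mydomain.com` domain are the ones from the post.

```php
<?php
// protected/config/main.php (added example; assumes a standard Yii 1.1 layout)

// Cookie scope defined once and reused by every component that issues cookies.
$cookieScope = array(
    'domain' => '.mydomain.com', // parent domain from the post
    'path'   => '/',             // assumption
    'secure' => true,            // assumption: both sub-domains are HTTPS-only
);

return array(
    'components' => array(
        'user' => array(
            'class'          => 'application.components.MyCWebUser',
            'allowAutoLogin' => true,
            'loginUrl'       => array('site/login'),
            // Keys are assigned to CHttpCookie properties, hence camel-case 'httpOnly'.
            'identityCookie' => $cookieScope + array('httpOnly' => true),
        ),
        'session' => array(
            'class'                  => 'application.components.MyCDbHttpSession',
            'connectionID'           => 'db',
            'sessionTableName'       => 'cms_session',
            'autoCreateSessionTable' => false,
            'timeout'                => 3600,
            'sessionName'            => 'PHPSESSID',
            // Passed on to session_set_cookie_params(), hence lowercase 'httponly'.
            'cookieParams'           => $cookieScope + array('httponly' => true),
        ),
        'request' => array(
            'class'                  => 'MyCHttpRequest',
            'csrfTokenName'          => 'csrf_token',
            'enableCsrfValidation'   => true,
            'enableCookieValidation' => true,
            'csrfCookie'             => $cookieScope,
        ),
    ),
);
```

The array union operator (`+`) keeps the shared keys and lets a component add or pre-empt one locally by listing it on the left-hand side. Scoping all three cookies to `.mydomain.com` means every host under that domain receives the session, identity and CSRF cookies, so the setting is only as safe as the least trusted sub-domain.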