Global cookie settings.

The way the cookie implementation is built in Yii right now doesn’t allow you to set the cookie params globally.

For example, I have a www.mydomain.com where I show my site, and a forum.mydomain.com where I show my forum.

In order to make the login stick for both sub-domains and to be able to use the autologin feature, I had to add extra settings in two distinct places:




'user' => array(
    'class' => 'application.components.MyCWebUser',
    'allowAutoLogin' => true,
    'loginUrl' => array('site/login'),
    'identityCookie' => array('domain' => '.mydomain.com'),
),
'session' => array(
    'class' => 'application.components.MyCDbHttpSession',
    'connectionID' => 'db',
    'sessionTableName' => 'cms_session',
    'autoCreateSessionTable' => false,
    'timeout' => 3600,
    'sessionName' => 'PHPSESSID',
    'cookieParams' => array('domain' => '.mydomain.com'),
),

Now, as you see, I had to do it for the user component and for the session component.

The issue goes further because the forum is just a module of my site, but mapped as a sub-domain. When I do certain actions which need to be sent to www.mydomain.com, the CSRF validation fails, because the token is not set for www. but for forum., so in order to make this work, another component needs extra settings:




'request' => array(
    'class' => 'MyCHttpRequest',
    'csrfTokenName' => 'csrf_token',
    'enableCsrfValidation' => true,
    'enableCookieValidation' => true,
    'csrfCookie' => array('domain' => '.mydomain.com'),
),

Okay, so I already have 3 places from where I achieve the same thing, which is pretty ugly.

Wouldn’t it be wiser to treat CHttpCookie as a component and, on initialization, have the class params inherited by every other class that needs cookie access? This way, we would set the options in a single place, which is easier to manage. Of course, this could be created in a way that allows the developer to override the default settings when he sets a cookie manually.
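
Until the framework offers a single setting, the three arrays from the post can be fed from one definition at the top of the application config. This is an added example, not part of the original post or of Yii itself: the variable names are hypothetical and the `secure` flag assumes both sub-domains are served only over HTTPS. A cookie scoped to `.mydomain.com` is sent to every sub-domain, so the example sets the transport and script-access flags in the same place as the domain.

```php
<?php
// Added example for protected/config/main.php (Yii 1.1); not the poster's code.
// Variable names are hypothetical; component classes and values are the post's.

$cookieDomain = '.mydomain.com'; // sent to every sub-domain, so set flags too
$cookieSecure = true;            // assumption: all sub-domains are HTTPS-only

// Properties copied onto CHttpCookie objects (identity and CSRF cookies).
$cookieObjectParams = array(
    'domain'   => $cookieDomain,
    'path'     => '/',
    'secure'   => $cookieSecure,
    'httpOnly' => true,
);

// CHttpSession hands these to session_set_cookie_params(): key is 'httponly'.
$sessionCookieParams = array(
    'domain'   => $cookieDomain,
    'path'     => '/',
    'secure'   => $cookieSecure,
    'httponly' => true,
);

return array(
    'components' => array(
        'user' => array(
            'class' => 'application.components.MyCWebUser',
            'allowAutoLogin' => true,
            'loginUrl' => array('site/login'),
            'identityCookie' => $cookieObjectParams,
        ),
        'session' => array(
            'class' => 'application.components.MyCDbHttpSession',
            'connectionID' => 'db',
            'sessionTableName' => 'cms_session',
            'autoCreateSessionTable' => false,
            'timeout' => 3600,
            'sessionName' => 'PHPSESSID',
            'cookieParams' => $sessionCookieParams,
        ),
        'request' => array(
            'class' => 'MyCHttpRequest',
            'csrfTokenName' => 'csrf_token',
            'enableCsrfValidation' => true,
            'enableCookieValidation' => true,
            'csrfCookie' => $cookieObjectParams,
        ),
    ),
);
```

Setting `httpOnly` on the CSRF cookie assumes forms receive the token server-side (for example via `Yii::app()->request->csrfToken`) rather than from JavaScript reading the cookie.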