In the way the cookie implementation is built in Yii right now, it doesn’t allow you to set the cookie params globally.
For example, i have a www.mydomain.com where i show my site, and a forum.mydomain.com where i show my forum.
In order to make the login stick for both sub-domains and to be able to use the autologin feature, i had to add extra settings in two distinct places:
'user'=>array(
'class'=>'application.components.MyCWebUser',
'allowAutoLogin'=>true,
'loginUrl'=> array('site/login'),
'identityCookie' => array('domain' => '.mydomain.com'),
),
'session' => array(
'class' => 'application.components.MyCDbHttpSession',
'connectionID' => 'db',
'sessionTableName' => 'cms_session',
'autoCreateSessionTable' => false,
'timeout' => 3600,
'sessionName'=>'PHPSESSID',
'cookieParams' => array('domain'=>'.mydomain.com'),
Now as you see i had to do it for the user component and for the session component.
The issue goes further, because, the forum is just a module of my site, but mapped as a sub-domain, when i do certain actions which needs to be sent to www.mydomain.com the CSRF Validation fails, because the token is not set for www. but for forum. , so in order to make this work, another component needs extra settings:
'request'=>array(
'class'=>'MyCHttpRequest',
'csrfTokenName' => 'csrf_token',
'enableCsrfValidation'=>true,
'enableCookieValidation'=>true,
'csrfCookie'=>array('domain'=>'.mydomain.com'),
),
Okay, so i already have 3 places from where i achieve same thing, which is pretty ugly.
Wouldn’t be more wise to treat CHttpCookie as a component and on initialization, the class params to be inherited by every other class that needs cookie access ? This way, we would set the options in a single place which is easier to manage. Of course, this could be created in a way that allows the developer to over ride the default settings when he sets a cookie manually.