Merge pull request #547 from sgerlach/cookie-domain

Checking for localhost in cookie domain setting
digininja · Mar 22, 2023 · 97c8d23 · 97c8d23
2 parents 271d1ab + 992e5cf
commit 97c8d23
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/dvwa/includes/dvwaPage.inc.php b/dvwa/includes/dvwaPage.inc.php
@@ -42,11 +42,12 @@
 
 $maxlifetime = 86400;
 $secure = false;
+$domain = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
 
 session_set_cookie_params([
 	'lifetime' => $maxlifetime,
 	'path' => '/',
-	'domain' => $_SERVER['HTTP_HOST'],
+	'domain' => $domain,
 	'secure' => $secure,
 	'httponly' => $httponly,
 	'samesite' => $samesite