From 3b753aa69d41a7e637b63d6fec27de0ff44a4a2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maurice=20Preu=C3=9F=20=28envoyr=29?=
Date: Wed, 25 Jan 2023 18:50:49 +0100
Subject: [PATCH] change session/cookie domain value, this prevents using the _ server_name when using nginx
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Maurice Preuß (envoyr)
---
 lib/Froxlor/UI/Panel/UI.php | 2 +-
 lib/init.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index bf6ace515..cfe959eb8 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -95,7 +95,7 @@ public static function sendHeaders()
 session_set_cookie_params([
 'lifetime' => self::$install_mode ? 7200 : 600, // will be renewed based on settings in lib/init.php
 'path' => '/',
- 'domain' => $_SERVER['SERVER_NAME'],
+ 'domain' => explode(':', $_SERVER['HTTP_HOST'])[0],
 'secure' => self::requestIsHttps(),
 'httponly' => true,
 'samesite' => 'Strict'
diff --git a/lib/init.php b/lib/init.php
index 16170a010..cf683be67 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -332,7 +332,7 @@
 $cookie_params = [
 'expires' => time() + Settings::Get('session.sessiontimeout'),
 'path' => '/',
- 'domain' => $_SERVER['SERVER_NAME'],
+ 'domain' => explode(':', $_SERVER['HTTP_HOST'])[0],
 'secure' => UI::requestIsHttps(),
 'httponly' => true,
 'samesite' => 'Strict'
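Review bot: The new `'domain'` entry in `sendHeaders()` takes the session cookie's Domain from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header, and nothing validates it first; the identical line added to `$cookie_params` in lib/init.php has the same problem. `explode(':', …)[0]` also yields `[` for a bracketed IPv6 literal such as `[::1]:8443` (constructed example), and the `HTTP_HOST` key is not guaranteed to be set on a request that carries no Host header. Because any explicit Domain attribute additionally makes the cookie visible to subdomains, the narrower fix for the nginx `_` case is to leave the attribute empty so the cookie is host-only: `'domain' => '',`. If a domain really has to be pinned, it should come from a configured hostname value rather than from a request header. Both enclosing blocks start and end outside their hunks, so whether other code relies on the Domain attribute cannot be judged from here.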