Add option to share cookies across subdomains

[Ryan J Ollos]

​SO:23086139/121694 describes setting the cookie domain attribute so that it's shared across subdomains.

[Ryan J Ollos]

Proposed change in t12251.patch​.

[Ryan J Ollos]

I did some additional testing today and the patch doesn't seem to be working the way I remember. I've configured my system with the following in /etc/hosts:

127.0.0.1 sub1.example.com
127.0.0.1 sub2.example.com

I created two Trac environments and I'm running tracd on port 8005. I access the two Trac instances through the URLs sub1.example.com/proj1 and sub2.example.com/proj2. I've set [trac] auth_cookie_domain to example.com.

When logging-in I can see the domain set in the header:

Set-Cookie:trac_auth=e9fb12b1b9a5d71e1234a86f845c13a4; Domain=example.com; httponly; Path=/proj2

I've tried with [trac] auth_cookie_path unset, as well as set to /. I was expecting that, after logging into one Trac instance I could refresh the page on the other, the second Trac instance would have the same trac_auth cookie value as the first and I'd be authenticated with the second Trac instance.

Does anyone see where I've made an error, either in the patch, or in my expectations of the behavior?

[Ryan J Ollos]

Replying to Ryan J Ollos:

Does anyone see where I've made an error, either in the patch, or in my expectations of the behavior?

I didn't understand that a Component such as ​SharedCookieAuthPlugin is needed to share authentication across projects. t12251.patch​ works correctly when SharedCookieAuthPlugin is enabled, so I propose to commit the change. In #12257 I propose to add the equivalent of SharedCookieAuthPlugin to tracopt.web.auth.

[Ryan J Ollos]

I considered that it might not be necessary to have a [trac] auth_cookie_domain option if the domain could be parsed from [trac] base_url. However, parsing the domain name from the URL seems to be non-trivial, as discussed in ​SO:1066947/121694.