diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 7541e19ec04aba50072abb7e495e48725316f5c7..b99e5c99135589001de75e1162b5699befa88af8 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -25,19 +25,32 @@ class osTicketSession {
 if(!$this->ttl) $this->ttl=SESSION_TTL;
- if (!defined('DISABLE_SESSION') && !OsticketConfig::getDBVersion()) {
- //Set handlers.
- session_set_save_handler(
- array(&$this, 'open'),
- array(&$this, 'close'),
- array(&$this, 'read'),
- array(&$this, 'write'),
- array(&$this, 'destroy'),
- array(&$this, 'gc')
- );
- //Forced cleanup.
- register_shutdown_function('session_write_close');
- }
+ if (defined('DISABLE_SESSION') || OsticketConfig::getDBVersion())
+ return;
+
+ # Cookies
+ // Avoid setting a cookie domain without a dot, thanks
+ // http://stackoverflow.com/a/1188145
+ $domain = null;
+ if (isset($_SERVER['HTTP_HOST'])
+ && strpos($_SERVER['HTTP_HOST'], '.') !== false
+ && !Validator::is_ip($_SERVER['HTTP_HOST']))
+ $domain = $_SERVER['HTTP_HOST'];
+ session_set_cookie_params(86400, ROOT_PATH, $domain,
+ osTicket::is_https());
+
+ //Set handlers.
+ session_set_save_handler(
+ array(&$this, 'open'),
+ array(&$this, 'close'),
+ array(&$this, 'read'),
+ array(&$this, 'write'),
+ array(&$this, 'destroy'),
+ array(&$this, 'gc')
+ );
+ //Forced cleanup.
+ register_shutdown_function('session_write_close');
+
 //Start the session.
 session_name('OSTSESSID');
 session_start();
diff --git a/main.inc.php b/main.inc.php
index 428a33e4a63ff98ef9e5b53b24b20f8babe0b74c..323a0a4550cbf2fed30e9e8843c37bc7b5f3451b 100644
--- a/main.inc.php
+++ b/main.inc.php
@@ -130,10 +130,6 @@ else require(INCLUDE_DIR.'mysql.php');
- #Cookies
- session_set_cookie_params(86400, ROOT_PATH, $_SERVER['HTTP_HOST'],
- osTicket::is_https());
-
 #CURRENT EXECUTING SCRIPT.
 define('THISPAGE', Misc::currentURL());
 define('THISURI', $_SERVER['REQUEST_URI']);
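Review bot: In the class.ostsession.php hunk, `$domain` is copied from `$_SERVER['HTTP_HOST']`, a client-supplied header that may carry a `:port` suffix; the dot and `Validator::is_ip()` checks do not obviously strip it, so a host such as `tickets.example.test:8080` (constructed example) would be passed on as the cookie domain. Consider stripping the port before the checks, or leaving `$domain` as `null` so the cookie stays host-only rather than being shared with subdomains. The call also leaves the HttpOnly flag off; `session_set_cookie_params(86400, ROOT_PATH, $domain, osTicket::is_https(), true);` would keep the session id out of reach of page scripts. Separately, the new early `return` skips `session_name()` and `session_start()`, which as far as the hunk shows the old code reached outside the `if`, so it is worth confirming that starting no session at all is intended in that case. The constructor starts and ends outside the hunk.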