From eecd0b1a386d2b655b2a473c7ff04562a0b69855 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 13 Sep 2013 14:38:26 +0000
Subject: [PATCH] Fixes cookie domain specification

if the domain given in HTTP_HOST variable happens to have a port
specification. Technically, the port specification should not be included in
the domain spec given in the cookie.

(And for the record, that makes no sense to me, seeing as a cookie would
otherwise be valid for all servers on any ports at a particular domain).
---
 include/class.ostsession.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index b99e5c991..fb840d2f8 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -35,7 +35,9 @@ class osTicketSession {
         if (isset($_SERVER['HTTP_HOST'])
                 && strpos($_SERVER['HTTP_HOST'], '.') !== false
                 && !Validator::is_ip($_SERVER['HTTP_HOST']))
-            $domain = $_SERVER['HTTP_HOST'];
+            // Remote port specification, as it will make an invalid domain
+            list($domain) = explode(':', $_SERVER['HTTP_HOST']);
+
         session_set_cookie_params(86400, ROOT_PATH, $domain,
             osTicket::is_https());
 
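Review bot: The `Validator::is_ip()` guard in the condition still sees the raw `HTTP_HOST`, port included, so a request for `192.0.2.10:8080` (constructed example) presumably fails the IP test, and the new `explode()` then hands the bare IP to `session_set_cookie_params()` as the cookie domain, which is what the guard was meant to prevent. Strip the port before the check, e.g. `&& !Validator::is_ip(current(explode(':', $_SERVER['HTTP_HOST'])))`, or compute the host once above the `if` and test that value. `HTTP_HOST` is also client-supplied, so the value that ends up scoping the session cookie deserves a comparison against the configured site host where one is available. The added comment should read `// Remove port specification, as it will make an invalid domain`. The enclosing method begins and ends outside the hunk, so whether `$domain` has a default when the condition is false cannot be seen here.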
-- 
GitLab