From 6dde5ce5718911d8e405eb590c68036ceaa6e608 Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@silverstripe.com>
Date: Tue, 4 Oct 2016 14:21:32 +0100
Subject: [PATCH] FIX Absolute alternate_base_url no longer breaks session
 cookies

---
 control/Session.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/control/Session.php b/control/Session.php
index 9725783b2..e40018a4f 100644
--- a/control/Session.php
+++ b/control/Session.php
@@ -359,6 +359,15 @@ class Session {
 		$path = Config::inst()->get('Session', 'cookie_path');
 		if(!$path) $path = Director::baseURL();
 		$domain = Config::inst()->get('Session', 'cookie_domain');
+		// Director::baseURL can return absolute domain names - this extracts the relevant parts
+		// for the session otherwise we can get broken session cookies
+		if (Director::is_absolute_url($path)) {
+			$urlParts = parse_url($path);
+			$path = $urlParts['path'];
+			if (!$domain) {
+				$domain = $urlParts['host'];
+			}
+		}
 		$secure = Director::is_https() && Config::inst()->get('Session', 'cookie_secure');
 		$session_path = Config::inst()->get('Session', 'session_store_path');
 		$timeout = Config::inst()->get('Session', 'timeout');