getgrav · MaxEvan · May 30, 2018
diff --git a/system/config/system.yaml b/system/config/system.yaml
@@ -138,6 +138,7 @@ session:
   secure: false                                  # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
   httponly: true                                 # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
   split: true                                    # Sessions should be independent between site and plugins (such as admin)
+  domain: ''                                     # The domain used in the cookie.
   path:
 
 gpm:

diff --git a/system/src/Grav/Common/Service/SessionServiceProvider.php b/system/src/Grav/Common/Service/SessionServiceProvider.php
@@ -35,11 +35,9 @@ public function register(Container $container)
             if (null === $session_path) {
                 $session_path = '/' . ltrim(Uri::filterPath($uri->rootUrl(false)), '/');
             }
-            $domain = $uri->host();
-            if ($domain === 'localhost') {
-                $domain = '';
-            }
 
+            $domain = $config->get('system.session.domain', '');
+
             // Get session options.
             $secure = (bool)$config->get('system.session.secure', false);
             $httponly = (bool)$config->get('system.session.httponly', true);