Added support for setting session domain [#2040]

CHANGELOG.md

@@ -11,6 +11,7 @@
     * Added ability to filter enabled or disabled with bin/gpm index [#3187](https://github.com/getgrav/grav/pull/3187)
     * Added `$grav->getVersion()` or `grav.version` in twig to get the current Grav version [#3142](https://github.com/getgrav/grav/issues/3142)
     * Added second parameter to `$blueprint->flattenData()` to include every field, including those which have no data
+    * Added support for setting session domain [#2040](https://github.com/getgrav/grav/pull/2040)
 1. [](#bugfix)
     * Fixed issue with `content-security-policy` not being properly supported with `http-equiv` + support single quotes
     * Fixed CLI progressbar in `backup` and `security` commands to use styled output [#3198](https://github.com/getgrav/grav/issues/3198)

system/blueprints/config/system.yaml

@@ -1348,6 +1348,12 @@ form:
               validate:
                 type: bool
 
+            session.domain:
+              type: text
+              size: small
+              label: PLUGIN_ADMIN.SESSION_DOMAIN
+              help: PLUGIN_ADMIN.SESSION_DOMAIN_HELP
+
             session.path:
               type: text
               size: small

system/config/system.yaml

@@ -172,7 +172,8 @@ session:
   httponly: true                                 # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
   samesite: Lax                                  # Set session SameSite. Possible values are Lax, Strict and None. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
   split: true                                    # Sessions should be independent between site and plugins (such as admin)
-  path:
+  domain:                                        # Domain used by sessions.
+  path:                                          # Path used by sessions.
 
 gpm:
   releases: stable                               # Set to either 'stable' or 'testing'

system/src/Grav/Common/Service/SessionServiceProvider.php

@@ -43,19 +43,23 @@ class SessionServiceProvider implements ServiceProviderInterface
             $cookie_secure = (bool)$config->get('system.session.secure', false);
             $cookie_httponly = (bool)$config->get('system.session.httponly', true);
             $cookie_lifetime = (int)$config->get('system.session.timeout', 1800);
+            $cookie_domain = $config->get('system.session.domain');
             $cookie_path = $config->get('system.session.path');
             $cookie_samesite = $config->get('system.session.samesite', 'Lax');
+
+            if (null === $cookie_domain) {
+                $cookie_domain = $uri->host();
+                if ($cookie_domain === 'localhost') {
+                    $cookie_domain = '';
+                }
+            }
+
             if (null === $cookie_path) {
                 $cookie_path = '/' . trim(Uri::filterPath($uri->rootUrl(false)), '/');
             }
             // Session cookie path requires trailing slash.
             $cookie_path = rtrim($cookie_path, '/') . '/';
 
-            $cookie_domain = $uri->host();
-            if ($cookie_domain === 'localhost') {
-                $cookie_domain = '';
-            }
-
             // Activate admin if we're inside the admin path.
             $is_admin = false;
             if ($config->get('plugins.admin.enabled')) {