I would like to change the default behaviour and configuration page layout to make life simpler, while not taking away the option for advanced admins to configure cookies the same way they currently do.
From the admin's point of view, the default cookie configuration fields would all be blank, with the board determining a safe set of values, which could be overridden by an admin if desired, although the need for this should be rare, except where cookies are being shared with another application.
Going through the parameters:
- Cookie domain: No functional change, but the help text to be updated to recommend more strongly that it be left blank. I would also investigate further whether the leading dot in the cookie domain is still relevant today (I suspect not).
- Cookie Name: This should normally be left blank. In the case that it is left blank, the board will calculate a suitable value, by concatenating the board path with a cookie_version number which is incremented:
  - each time the cookie settings are saved,
  - each time the sessions table is purged,
  - each time the board protocol (http:/https:) is changed.
- Cookie path: This should be left blank, but internally defaults to the board path.
- Cookie secure: This should have a 3rd (default) option of Automatic, where the cookie secure value tracks the http: or https: configuration of the board.
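
A sketch of how the blank-field defaults listed above could be resolved, added here as an illustration and not taken from the board's code. The function names, the event names and the `board_<path>_v<n>` name layout are assumptions; the proposal only says the name concatenates the board path with cookie_version.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Events that increment cookie_version, per the list in the proposal
# (the event names themselves are hypothetical).
BUMP_EVENTS = {"cookie_settings_saved", "sessions_purged", "protocol_changed"}

@dataclass
class CookieConfig:
    """Admin-entered fields; an empty string means 'left blank'."""
    domain: str = ""
    name: str = ""
    path: str = ""
    secure: str = "auto"  # "auto" (proposed default), "on" or "off"

def derive_cookie_name(board_path: str, cookie_version: int) -> str:
    # "/" is not allowed in a cookie name (RFC 6265 token), so the board
    # path is reduced to alphanumerics and underscores. Layout is assumed.
    slug = re.sub(r"[^A-Za-z0-9]+", "_", board_path).strip("_") or "root"
    return f"board_{slug}_v{cookie_version}"

def effective_cookie_settings(cfg: CookieConfig, board_url: str,
                              cookie_version: int) -> dict:
    url = urlsplit(board_url)
    board_path = url.path or "/"
    if cfg.secure == "auto":
        secure = url.scheme == "https"  # track the board's protocol
    else:
        secure = cfg.secure == "on"     # explicit admin override
    return {
        # None means no Domain attribute is sent (host-only cookie).
        "domain": cfg.domain or None,
        "name": cfg.name or derive_cookie_name(board_path, cookie_version),
        "path": cfg.path or board_path,
        "secure": secure,
    }

def bump_cookie_version(version: int, event: str) -> int:
    # A new version changes the derived name, so old cookies stop matching.
    return version + 1 if event in BUMP_EVENTS else version
```
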