Merge pull request #2 from mirkogeest/master

Allow to set cookie domain

Author: byjg

README.md

@@ -68,6 +68,14 @@ $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret ke
 $handler->replaceSessionHandler(true);
 ```
 
+### Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com
+
+```php
+<?php
+$handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret key', null, null, '.mydomain.com');
+$handler->replaceSessionHandler(true);
+```
+
 ### How it works
 
 We store a cookie named AUTH_BEARER_<context name> with the session name. The PHPSESSID cookie is still created because

src/JwtSession.php

@@ -22,19 +22,22 @@ class JwtSession implements SessionHandlerInterface
 
     protected $suffix = "default";
 
+    protected $cookieDomain;
+
     /**
      * JwtSession constructor.
      *
      * @param $serverName
      * @param $secretKey
      * @param int $timeOutMinutes
      */
-    public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default')
+    public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null)
     {
         $this->serverName = $serverName;
         $this->secretKey = $secretKey;
-        $this->timeOutMinutes = $timeOutMinutes;
-        $this->suffix = $sessionContext;
+        $this->timeOutMinutes = $timeOutMinutes ?: 20;
+        $this->suffix = $sessionContext ?: 'default';
+        $this->cookieDomain = $cookieDomain;
     }
 
     public function replaceSessionHandler($startSession = true)
@@ -174,7 +177,7 @@ public function write($session_id, $session_data)
         $token = $jwt->generateToken($data);
 
         if (!headers_sent()) {
-            setcookie(self::COOKIE_PREFIX . $this->suffix, $token);
+            setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, '/', $this->cookieDomain);
         }
 
         return true;