From 58a982e997b92c4b4fdcf3a1afb551e88d198d87 Mon Sep 17 00:00:00 2001 From: Mirko Date: Mon, 20 Nov 2017 13:19:17 +0100 Subject: [PATCH 1/4] allow to set cookie domain --- README.md | 8 ++++++++ src/JwtSession.php | 7 +++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e8b3e44..3f4c2b4 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,14 @@ $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret ke $handler->replaceSessionHandler(true); ``` +### Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com + +```php +replaceSessionHandler(true); +``` + ### How it works We store a cookie named AUTH_BEARER_ with the session name. The PHPSESSID cookie is still created because diff --git a/src/JwtSession.php b/src/JwtSession.php index 1ed685a..d0cc20d 100644 --- a/src/JwtSession.php +++ b/src/JwtSession.php @@ -22,6 +22,8 @@ class JwtSession implements SessionHandlerInterface protected $suffix = "default"; + protected $cookieDomain; + /** * JwtSession constructor. * @@ -29,12 +31,13 @@ class JwtSession implements SessionHandlerInterface * @param $secretKey * @param int $timeOutMinutes */ - public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default') + public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default', $cookieDomain = null) { $this->serverName = $serverName; $this->secretKey = $secretKey; $this->timeOutMinutes = $timeOutMinutes; $this->suffix = $sessionContext; + $this->cookieDomain = $cookieDomain; } public function replaceSessionHandler($startSession = true) @@ -174,7 +177,7 @@ public function write($session_id, $session_data) $token = $jwt->generateToken($data); if (!headers_sent()) { - setcookie(self::COOKIE_PREFIX . $this->suffix, $token); + setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, null, $this->cookieDomain); } return true; 
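Review bot: The new `$cookieDomain` parameter in `public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default', $cookieDomain = null)` is not added to the constructor docblock, which in this hunk still ends at `@param int $timeOutMinutes`, and `$sessionContext` was already undocumented. The value is passed straight to setcookie() as the cookie domain, and the README example in the same commit uses a leading-dot value so that the session cookie is valid for every subdomain; since that cookie carries the whole session token, the docblock should say so. Suggested lines: `@param string|null $sessionContext Suffix appended to the cookie name; 'default' when omitted` and `@param string|null $cookieDomain Domain passed to setcookie(); a leading-dot value such as '.mydomain.com' exposes the session token to every subdomain, so keep it as narrow as the deployment allows`.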
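Review bot: The cookie written by `setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, null, $this->cookieDomain);` carries the complete session token but still sets neither the `httponly` nor the `secure` flag, so client-side script anywhere in the cookie's scope can read it and it is sent over plain HTTP; the same line is rewritten in PATCH 3/4 and the flags are missing there as well. At minimum mark it HttpOnly, `setcookie(self::COOKIE_PREFIX . $this->suffix, $token, 0, null, $this->cookieDomain, false, true);`, and consider a constructor option for the `secure` flag so HTTPS deployments can enable it, since the handler cannot know the scheme from here. Passing `null` as the `$expire` argument works on the PHP versions of this commit only because null is coerced to 0; later PHP releases deprecate null for non-nullable internal parameters, and `0` expresses the same session-cookie lifetime explicitly. The enclosing write() method starts and ends outside the hunk.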
From f4ae166316662bd10b9faebfb2e0b51f9b0f9a60 Mon Sep 17 00:00:00 2001
From: Mirko
Date: Mon, 20 Nov 2017 13:28:44 +0100
Subject: [PATCH 2/4] respect previous default values

---
 src/JwtSession.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/JwtSession.php b/src/JwtSession.php
index d0cc20d..c6da6c6 100644
--- a/src/JwtSession.php
+++ b/src/JwtSession.php
@@ -31,12 +31,12 @@ class JwtSession implements SessionHandlerInterface
      * @param $secretKey
      * @param int $timeOutMinutes
      */
-    public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default', $cookieDomain = null)
+    public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null)
     {
         $this->serverName = $serverName;
         $this->secretKey = $secretKey;
-        $this->timeOutMinutes = $timeOutMinutes;
-        $this->suffix = $sessionContext;
+        $this->timeOutMinutes = $timeOutMinutes ?: 20;
+        $this->suffix = $sessionContext ?: 'default';
         $this->cookieDomain = $cookieDomain;
     }
 

From 02bbc9e73f338a9a5c2cb2d7c27d9adf8445da39 Mon Sep 17 00:00:00 2001
From: Mirko
Date: Wed, 20 Dec 2017 13:55:44 +0100
Subject: [PATCH 3/4] Set cookie always for root path, not current path

---
 src/JwtSession.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/JwtSession.php b/src/JwtSession.php
index c6da6c6..35e9198 100644
--- a/src/JwtSession.php
+++ b/src/JwtSession.php
@@ -177,7 +177,7 @@ public function write($session_id, $session_data)
         $token = $jwt->generateToken($data);
 
         if (!headers_sent()) {
-            setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, null, $this->cookieDomain);
+            setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, '/', $this->cookieDomain);
         }
 
         return true;

From 50ceef2aeab8cec313f4dca98c47de4af92abc30 Mon Sep 17 00:00:00 2001
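Review bot: The `?:` fallbacks in `$this->timeOutMinutes = $timeOutMinutes ?: 20;` and `$this->suffix = $sessionContext ?: 'default';` test truthiness rather than absence, so an explicit `0` timeout or a session context named `'0'` is silently replaced by the default. Since the commit's intent is to substitute only an omitted argument, compare against null instead: `$this->timeOutMinutes = $timeOutMinutes === null ? 20 : $timeOutMinutes;` and `$this->suffix = $sessionContext === null ? 'default' : $sessionContext;` (or `??` if the package already requires PHP 7). The docblock visible in the hunk still says `@param int $timeOutMinutes` although the parameter now defaults to null and `$sessionContext` and `$cookieDomain` are not listed at all; it should read `@param int|null $timeOutMinutes Token lifetime in minutes; 20 when omitted` with matching entries for the other two.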
From: =?UTF-8?q?Joao=20Gilberto=20Magalh=C3=A3es?= Date: Mon, 19 Mar 2018 18:10:28 -0300 Subject: [PATCH 4/4] Minor changes in documentation and fix a notice in the example. --- README.md | 3 +++ src/JwtSession.php | 5 ----- webtest/index.php | 3 +-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 3f4c2b4..6657cd4 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ To avoid this you have to create REDIS/MEMCACHED clusters. But if you save the session into JWT Token you do not need to create a new server. Just to use. +You can read more in this Codementor's article: +[Using JSON Web Token (JWT) as a PHP Session](https://www.codementor.io/byjg/using-json-web-token-jwt-as-a-php-session-axeuqbg1m) + ## Security Information The JWT Token cannot be changed, but it can be read. diff --git a/src/JwtSession.php b/src/JwtSession.php index 35e9198..1a9f43e 100644 --- a/src/JwtSession.php +++ b/src/JwtSession.php @@ -1,9 +1,4 @@ replaceSessionHandler(true); } else { echo "

JWT Session is disabled

"; + session_start(); } -session_start(); - ?>

JwtSession Demo