Keep people logged in across subdomains in modern Drupal (and set services.yml per environment)
- Restrict Drupal 8 cookies (and so sessions) to a single full domain
- keep logged in across subdomains Drupal drupal 8 subdomain
- drupal 8 cookie domain
- drupal 8 services file per environment
It’s the nature of cookies to not work across domains, but you can make a cookie work for all subdomains of a given domain (subsite.example.com, www.example.com, and example.com).
By default, Drupal doesn’t promote that: Someone logging into www.example.com will not be logged into example.com.
Per an unedited sevices.yml:
# Drupal automatically generates a unique session cookie name based on the
# full domain name used to access the site. This mechanism is sufficient
# for most use-cases, including multi-site deployments. However, if it is
# desired that a session can be reused across different subdomains, the
# cookie domain needs to be set to the shared base domain. Doing so assures
# that users remain logged in as they cross between various subdomains.
# To maximize compatibility and normalize the behavior across user agents,
# the cookie domain should start with a dot.
#
# @default none
# cookie_domain: '.example.com'
So you can make a
/**
* Enable production-specific services.
*/
$settings['container_yamls'][] = DRUPAL_ROOT . '/sites/default/live.services.yml';
Hat tip to https://jimconte.com/blog/web/drupal-8-environment-specific-configurations