Cookies amount for each SuiteCRM installation

Hi,

We have a system where we host several instances of SuiteCRM 7.11.15 under the same domain. Our team is experiencing recurring “Session expiration” when working with several subdomains at the same time. Users that use only one subdomain don’t experience this.

After many months debugging and searching for help (Session expiration in SuiteCRM and other PHP applications under same domain) we might have found the cause, but still not sure.

We learned that browsers have a limit on the amount of cookies they can host under the same domain (https://stackoverflow.com/questions/5381526/what-are-the-current-cookie-limits-in-modern-browsers). Chrome has a default limit of 180 cookies. Seeing that each of our instances creates around 20-30+ cookies, after using 8-10 of them, the limit is reached. Once the limit is reached, Chrome deletes cookies (not sure about the order), causing a disconnection from the system.

Before SuiteCRM we were using SugarCRM, and we didn’t experience this issue.

I was checking, and SugarCRM didn’t generate as many cookies as SuiteCRM.
SugarCRM cookies of one subdomain (4):

SuiteCRM cookies of one subdomain (20+):

The only difference is that SuiteCRM creates a cookie for each path,

while SugarCRM always uses the path “/”.

I checked in the code the function that creates the cookie. And I see this difference between SugarCRM and SuiteCRM:

SugarCRM 6.5.11:
include/MVC/SugarApplication.php (678-698)

    public static function setCookie(
        $name,
        $value,
        $expire = 0,
        $path = '/',   // default: cookie is scoped to the site root
        $domain = null,
        $secure = false,
        $httponly = false
    )
    {
        if ( is_null($domain) )
            if ( isset($_SERVER["HTTP_HOST"]) )
                $domain = $_SERVER["HTTP_HOST"];
            else
                $domain = 'localhost';
        if (!headers_sent())
            setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
        $_COOKIE[$name] = $value;
    }

In SuiteCRM 7.11.15:
include/MVC/SugarApplication.php ( 818-843)

    public static function setCookie(
        $name,
        $value,
        $expire = 0,
        $path = null,   // default: no path is passed on to setcookie()
        $domain = null,
        $secure = false,
        $httponly = true
    ) {
        if (isSSL()) {
            $secure = true;
        }
        if ($domain === null) {
            if (isset($_SERVER["HTTP_HOST"])) {
                $domain = $_SERVER["HTTP_HOST"];
            } else {
                $domain = 'localhost';
            }
        }

        if (!headers_sent()) {
            setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
        }

        $_COOKIE[$name] = $value;
    }

When calling the function “setCookie()” to build the cookies “ck_login_id_20” and “ck_login_language_20”, the path is never specified. So the PHP function takes the current path of the script, which changes between different “/cache” folders. For the “sugar_user_theme” cookie, the path is set to null (line 441, same file).

Is there any reason for setting the default value of $path to “null”? Can we just change that to “/”, as in SugarCRM?

I tried changing the default value of $path to “/” in a TEST environment and it seemed to work just fine. We want to be sure there are no other reasons we might not see.

If we manage to have fewer cookies for each subdomain, we will have fewer problems reaching the max count of cookies per domain.

Thanks
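
Added example, not part of the original post and not SuiteCRM code: a small JavaScript model of how a browser keys cookies under RFC 6265, where a Set-Cookie without a Path attribute gets the default-path derived from the request URL, so the same cookie name set from several directories is stored several times. The host names and request paths are constructed assumptions; the cookie names and the 180 figure are the ones quoted in the post, and eviction itself is not modelled.

```javascript
// RFC 6265 section 5.1.4: default-path used when Set-Cookie carries no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// A stored cookie is identified by (name, domain, path): a new path is a new cookie.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(host, requestPath, name, value, pathAttr) {
    const path = pathAttr && pathAttr[0] === "/" ? pathAttr : defaultPath(requestPath);
    this.store.set(`${name};${host};${path}`, { host, value });
  }
  // Browsers apply the per-domain cap across all subdomains of one registrable domain.
  countFor(registrableDomain) {
    let n = 0;
    for (const { host } of this.store.values()) {
      if (host === registrableDomain || host.endsWith("." + registrableDomain)) n++;
    }
    return n;
  }
}

// Constructed request paths (assumption): scripts served from different directories.
const REQUEST_PATHS = [
  "/index.php", "/cache/a/1.php", "/cache/b/2.php", "/cache/c/3.php",
  "/cache/c/d/4.php", "/cache/e/5.php", "/cache/f/6.php",
];
const COOKIE_NAMES = ["ck_login_id_20", "ck_login_language_20", "sugar_user_theme"];

// pathAttr = null models $path = null; pathAttr = "/" models the SugarCRM default.
function simulate(pathAttr, instances) {
  const jar = new CookieJar();
  for (let i = 1; i <= instances; i++) {
    const host = `crm${i}.example.com`; // constructed host names
    for (const reqPath of REQUEST_PATHS) {
      for (const name of COOKIE_NAMES) jar.set(host, reqPath, name, "v", pathAttr);
    }
  }
  return jar.countFor("example.com");
}

const LIMIT = 180; // per-domain figure quoted in the post
for (const [label, attr] of [["Path omitted", null], ['Path="/"', "/"]]) {
  const total = simulate(attr, 10);
  console.log(`${label}: ${total} cookies, over limit: ${total > LIMIT}`);
}
```

RFC 6265 also states that the Path attribute cannot be relied upon for security, so the per-directory scoping modelled here does not isolate the cookies from other scripts on the same host.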