Index: branches/5.1.x/core/kernel/session/session.php
===================================================================
diff -u -N -r13462 -r13492
--- branches/5.1.x/core/kernel/session/session.php (.../session.php) (revision 13462)
+++ branches/5.1.x/core/kernel/session/session.php (.../session.php) (revision 13492)
@@ -1,6 +1,6 @@
CookieDomain = substr_count($domain, '.') ? '.'.ltrim($domain, '.') : false;
+ // 1. localhost or other like it without "." in domain name
+ if (!substr_count($domain, '.')) {
+ // don't use cookie domain at all
+ $this->CookieDomain = false;
+ return ;
+ }
+
+ // 2. match using predefined cookie domains from configuration
+ $cookie_domains = $this->Application->ConfigValue('SessionCookieDomains');
+
+ if ($cookie_domains) {
+ $cookie_domains = array_map('trim', explode("\n", $cookie_domains));
+
+ foreach ($cookie_domains as $cookie_domain) {
+ if (ltrim($cookie_domain, '.') == $domain) {
+ $this->CookieDomain = $cookie_domain; // as defined in configuration
+ return ;
+ }
+ }
+ }
+
+ // 3. only will execute, when none of domains were matched at previous step
+ $this->CookieDomain = $this->_autoGuessDomain($domain);
 }
+ /**
+ * Auto-guess cookie domain based on $_SERVER['HTTP_HOST']
+ *
+ * @param $domain
+ * @return string
+ */
+ function _autoGuessDomain($domain)
+ {
+ static $cache = Array ();
+
+ if (!array_key_exists($domain, $cache)) {
+ switch ( substr_count($domain, '.') ) {
+ case 2:
+ // 3rd level domain (3 parts)
+ $cache[$domain] = substr($domain, strpos($domain, '.')); // with leading "."
+ break;
+
+ case 1:
+ // 2rd level domain (2 parts)
+ $cache[$domain] = '.' . $domain; // with leading "."
+ break;
+
+ default:
+ // more then 3rd level
+ $cache[$domain] = ltrim($domain, '.'); // without leading "."
+ break;
+ }
+ }
+
+ return $cache[$domain];
+ }
+
 function SetGETName($get_name)
 {
 $this->GETName = $get_name;
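Review bot: The configuration match in step 2 (`if (ltrim($cookie_domain, '.') == $domain)`) is an exact-equality test, so a configured entry such as `.example.com` only wins for a request to `example.com` itself, while every subdomain request falls through to `_autoGuessDomain()`, which for a host with three or more dots returns the host itself without a leading dot instead of the configured parent domain. A suffix match keeps the intent: `$bare = ltrim($cookie_domain, '.');` followed by `if ($domain == $bare || substr($domain, -strlen('.' . $bare)) == '.' . $bare) {`. Since the docblock states the input is derived from `$_SERVER['HTTP_HOST']`, which the client supplies, the configured list is the trustworthy source and a comment on step 3 should say that the auto-guess is only a fallback for hosts not covered by `SessionCookieDomains` (a Domain attribute that does not cover the request host is discarded by the browser, so the failure mode is a session cookie that is never stored). The docblock should also type its parameter (`@param string $domain`), and the `default` comment should read `more than 3rd level`; the enclosing method's header is outside the hunk and its removed line has lost its diff marker.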
@@ -715,6 +769,21 @@
 $this->Application->HttpQuery->Cookie[$name] = $value;
 }
+ $old_style_domains = Array (
+ // domain like in pre 5.1.0 versions
+ '.' . SERVER_NAME,
+
+ // auto-guessed domain (when user specified other domain in configuration variable)
+ $this->_autoGuessDomain(SERVER_NAME)
+ );
+
+ foreach ($old_style_domains as $old_style_domain) {
+ if ($this->CookieDomain != $old_style_domain) {
+ // new style cookie domain -> delete old style cookie to prevent infinite redirect
+ setcookie($name, $value, adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure);
+ }
+ }
+
 setcookie($name, $value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure);
 }
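Review bot: The expiry call inside the `foreach` sends the live session id as the value of a cookie that is being deleted; an expired cookie needs no payload, so `setcookie($name, '', adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure);` removes the session token from the two extra Set-Cookie headers this loop now adds to every response that reaches this point. When `'.' . SERVER_NAME` and `_autoGuessDomain(SERVER_NAME)` coincide (any two-part host, per the `case 1` branch added in the earlier hunk) the same deletion is emitted twice, which `array_unique($old_style_domains)` would avoid. The `!=` test is also always true when `$this->CookieDomain` is `false`, so the deletions are attempted even for the no-domain case; whether that matters depends on SERVER_NAME, which is set outside this hunk. The enclosing method starts before the hunk.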