From 7b4034e98282614c8e45e9c9d660b02e2cea9281 Mon Sep 17 00:00:00 2001
From: Lester Caine <lester@lsces.co.uk>
Date: Sat, 30 May 2026 16:52:21 +0100
Subject: Fix invalid cookie domain when remember-me is active

parse_url(BIT_ROOT_URL, PHP_URL_HOST) returns null for a path-only URL;
the ?? '/' fallback set domain to '/' which browsers reject as invalid.
Use ?? '' so the domain attribute is omitted and the browser infers the
current host.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 includes/classes/RoleUser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/classes/RoleUser.php b/includes/classes/RoleUser.php
index e1f2708..8f66210 100755
--- a/includes/classes/RoleUser.php
+++ b/includes/classes/RoleUser.php
@@ -1209,7 +1209,7 @@ class RoleUser extends \Bitweaver\Liberty\LibertyMime {
 			if( $gBitSystem->isFeatureActive( 'users_remember_me' ) && isset( $_REQUEST['rme'] ) && $_REQUEST['rme'] == 'on' ) {
 				$cookieTime = (int)( time() + (int)$gBitSystem->getConfig( 'users_remember_time', 86400 ));
 				$cookiePath = $gBitSystem->getConfig( 'cookie_path', $cookiePath );
-				$cookieDomain = parse_url(BIT_ROOT_URL, PHP_URL_HOST) ?? '/';
+				$cookieDomain = parse_url(BIT_ROOT_URL, PHP_URL_HOST) ?? '';
 				$gBitSystem->getConfig( 'cookie_domain', $cookieDomain);
 			}
 		}
-- 
cgit v1.3