#117917 by chx, greg, webchick et al: fix problems with the automatic domain extraction -- prevents users from logging in. Backport from HEAD.

sites/default/settings.php

@@ -137,8 +137,7 @@ ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
 
 /**
- * We try to set the correct cookie domain. If you are experiencing problems
+ * We try to set the correct cookie domain.
- * try commenting out the code below or specifying the cookie domain by hand.
  */
 if (isset($_SERVER['HTTP_HOST'])) {
   $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
@@ -149,6 +148,17 @@ if (isset($_SERVER['HTTP_HOST'])) {
   }
 }
 
+/**
+ * On some sites, multiple domains or subdomains may point to the same site.
+ * For instance, example.com may redirect to foo.example.com. In that case,
+ * the browser may confuse the cookies between the two domains, resulting in
+ * an inability to log in. In that case, uncomment the line below and set
+ * it to the more generic domain name. For instance, .example.com is more
+ * generic than .foo.example.com. Remember the leading period on the domain
+ * name, even if you wouldn't type it in your browser.
+ */
+#ini_set('session.cookie_domain', '.example.com');
+
 /**
  * Variable overrides:
  *