From bf954a961462f5817b1376d9f3c30a4a2ac61cbd Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Tue, 10 Mar 2026 17:27:45 +0100
Subject: [PATCH] auth selection: cookie with optional domain parameter

---
 loops/server/auth.py      | 4 ++++
 loops/server/loginform.pt | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/loops/server/auth.py b/loops/server/auth.py
index 7af1298..d77a250 100644
--- a/loops/server/auth.py
+++ b/loops/server/auth.py
@@ -49,6 +49,10 @@ class LoginPageSelect(LoginPage):
     def showSelection(self):
         return getConfigAuthMethod() == 'cookie'
 
+    def authMethodCookieString(self):
+        domain = getattr(config, 'authentication_method_cookie_domain', None)
+        return 'document.cookie=`loops_auth_method=${this.value}; path=/; expires=Sun, 31 Jan 2027 12:00:00 UTC%s`' % (domain and f'; domain={domain}' or '')
+
 
 def getConfigAuthMethod():
     return getattr(config, 'authentication_method', 'legacy')
diff --git a/loops/server/loginform.pt b/loops/server/loginform.pt
index 6ec5ef6..a149e3f 100644
--- a/loops/server/loginform.pt
+++ b/loops/server/loginform.pt
@@ -31,7 +31,8 @@
         <select name="auth_method"
                 onchange="document.cookie=`loops_auth_method=${this.value}; path=/; expires=Sun, 31 Jan 2027 12:00:00 UTC`"
                 tal:define="meth view/authMethod"
-                tal:attributes="value meth">
+                tal:attributes="value meth;
+                                onchange view/authMethodCookieString">
            <option value="legacy" i18n:translate="authentication-method-legacy"
                    tal:attributes="selected python:meth=='legacy'">Legacy</option>
            <option value="oidc" i18n:translate="authentication-method-oidc"