From 942c6c07a643d8f2253b190882fae72aba3f0ea8 Mon Sep 17 00:00:00 2001
From: Eric Atkin <eatkin@certusllc.us>
Date: Thu, 28 May 2020 13:05:26 -0600
Subject: cur_domain is effectively equivalent to '.' + cur_domain and
 therefore negates the effect of wild_domain

---
 src/pyramid/authentication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/pyramid/authentication.py b/src/pyramid/authentication.py
index 47570d5fc..1bddc1ff3 100644
--- a/src/pyramid/authentication.py
+++ b/src/pyramid/authentication.py
@@ -1035,8 +1035,8 @@ class AuthTktCookieHelper:
                 domains.append('.' + cur_domain.split('.', 1)[1])
             else:
                 domains.append(None)
-                domains.append(cur_domain)
                 if self.wild_domain:
+                    domains.append(cur_domain)
                     domains.append('.' + cur_domain)
 
         profile = self.cookie_profile(request)
-- 
cgit v1.2.3