
I have many projects running on my server, all of which use PHP sessions for authentication.

Now, since the PHPSESSID cookie sets the cookie path to '/' in the Set-Cookie header, this cookie is available throughout the domain, whereas I need it available only to the current application.

Because of this, the following problem occurs:

A user who is logged into mysite.com/application-1 automatically gets logged into

  1. mysite.com/application-2
  2. mysite.com/application-3
  3. mysite.com/application-4

...etc.

So, how do I set the path of the PHPSESSID cookie?


2 Answers


By default the session cookie gets created with the current path until you change it to save the cookie on any other path or '/'.

You may tell your script to save the session cookie on the project-specific directory. You can use session_set_cookie_params for this. This must be called before session_start().

session_set_cookie_params(0, '/dirname'); // must run before the session starts
session_start();

You just need to specify a session name for each site and it will separate their sessions from each other.

session_name("application-1"); // must run before the session starts
session_start();
    This will expose the session ID to the other applications, opening an additional attack vector. – cdauth Feb 04 '22 at 11:27
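The two answers above each cover half of the problem: session_set_cookie_params() scopes the cookie path so the browser only sends the cookie to the one application, and session_name() stops the applications from overwriting each other's cookie. The comment on the second answer is the reason to do both: with a distinct name but the default path '/', application-1's session ID is still delivered to application-2, -3 and -4 on every request. The following bootstrap, an added example written for this page and not code from either answerer, combines the two and adds a check that the parameters PHP will actually use are the ones you asked for. It assumes PHP 7.3 or later (for the array form of session_set_cookie_params() and the samesite option); the helper names and the "/application-1/" path are illustrative.

```php
<?php
// Added example (not from the original question or answers).
// Assumes PHP >= 7.3. Helper names and the /application-1/ path are illustrative.

declare(strict_types=1);

/**
 * Configure the session cookie for one application living under $path.
 * Must run before session_start(); once the session has started the default
 * path "/" is already in effect and the cookie goes to every app on the host.
 */
function configure_app_session(string $name, string $path, bool $https = true): void
{
    // Always end with a slash so the cookie is scoped to this directory subtree.
    $path = rtrim($path, '/') . '/';

    // A distinct cookie name per application keeps the apps from clobbering
    // each other's cookie when the same browser visits more than one of them.
    session_name($name);

    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: dropped when the browser closes
        'path'     => $path,    // sent only for requests under this path
        'domain'   => '',       // current host only
        'secure'   => $https,   // never sent over plain HTTP when served over TLS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not sent on cross-site POSTs / embedded loads
    ]);
}

/**
 * Derive the application path from the script location, so the same bootstrap
 * file can be copied into each application unchanged:
 * a script at /application-1/index.php gives "/application-1/".
 * $scriptName is optional so the function can be exercised without a web server.
 */
function app_path_from_script(?string $scriptName = null): string
{
    $scriptName = $scriptName ?? ($_SERVER['SCRIPT_NAME'] ?? '/');
    $dir = str_replace('\\', '/', dirname($scriptName));
    return $dir === '/' ? '/' : rtrim($dir, '/') . '/';
}

/**
 * Deployment smoke test: true when the cookie parameters PHP will emit match
 * the scoping we requested (path and HttpOnly). Catches the classic mistake of
 * calling session_start() somewhere earlier in an include chain.
 */
function session_cookie_is_scoped(string $expectedPath): bool
{
    $p = session_get_cookie_params();
    return $p['path'] === rtrim($expectedPath, '/') . '/' && $p['httponly'] === true;
}

// Usage in application-1's front controller, before any output is sent.
$appPath = app_path_from_script('/application-1/index.php');   // "/application-1/"
$https   = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

configure_app_session('app1_session', $appPath, $https);

if (!session_cookie_is_scoped($appPath)) {
    // Fail closed rather than silently sharing the session across applications.
    throw new RuntimeException('session cookie is not scoped to ' . $appPath);
}

session_start();
```

To confirm the result from outside, request the login page with curl -i and look at the Set-Cookie header: it should carry the application's own cookie name and path=/application-1/ rather than PHPSESSID with path=/. Two caveats remain. First, the path only controls what the browser sends; all applications on the host still share session.save_path by default, so a session ID that does reach another application (for example, one planted by an attacker via a different subdomain) would be resolved against the same store. Giving each application its own session_save_path(), also before session_start(), closes that gap. Second, the same settings can be applied server-wide without touching code via the session.cookie_path and session.name ini directives, but then they must be set per virtual host or per directory, which is easy to get wrong for applications sharing one host.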