How come cookie path doesn't take effect?
https://stackoverflow.com/questions/8199070
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
There are 2 projects under my Apache public_html root. One is "/project1" and the other is "/project2". Project 2 is just duplicate of project 1 but with some modification to fit a different goal. They have the same core code, so the session names used are the same.
I initialize session this way for project 1:
ini_set("session.cookie_path","/project1");
session_name("sid");
session_start();
And very similar for project 2:
ini_set("session.cookie_path","/project2");
session_name("sid");
session_start();
The cookie paths are not equal, so even with the same cookie name (here is 'sid'), PHP should be able to differentiate them.
But the fun is that when admin on project 1 logins, then the admin in project 2 is also interestingly logged in.
Solution
Some browser don't like cookies with path and without expiration, so you can add:
ini_set('session.cookie_lifetime', 3600);
The session cookie is sent only one time by PHP (if missing), then to force PHP to resend the cookie, with updated expiration time, after session_start() you can add:
session_regenerate_id();
