How can I limit a cookie to “/admin” on my domain?

Question

How can I make the cookie session.cookie_path only available for the module "/admin/"?

Zend Framework Code:

// Se Login?
public static function isLoggedIn() {
    $namespace = new Zend_Session_Namespace('Zend_Auth');
    $namespace->setExpirationSeconds(60*5); //5 Minutos dura una session

    $namespace->cookie_path = '/admin/'

    return Zend_Auth::getInstance()->hasIdentity();
}

I can't get PHPSESSION to have the path set to '/admin/'. PHPSESSION always has the path set to '/' in the cookie. ;-(

Answer 1

typeoneerror is almost there. You're gonna want to use the setting "cookie_path" and not "cookie_domain"

Example:

    Zend_Session::setOptions(array(
        'cookie_lifetime' => 0,
        'cookie_path'     => "/admin",
        'cookie_domain'   => ".test.com",
        'cookie_secure'   => false,
        'cookie_httponly' => true
    ));

Answer 2

If I understand you correctly, you want to limit the cookie to "/admin" on the domain? you need to pass cookie_path as options to Zend_Session, not its _Namespace partner:

$settings = array("cookie_domain" => "/admin");
Zend_Session::setOptions($settings);

You can also start a session with a settings object:

Zend_Session::start($settings);

You could also store your settings in a config file:

$config = new Zend_Config_Ini('config.ini', 'development');
Zend_Session::setOptions($config->toArray());