UPDATE ON THE PROBLEM:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');
but this fails.setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');
results in the PHPSESSID I set being deleted.session_name
to rename the SESSION I set. This works but crashed my server severally after some minutes.I am working with PHP sessions on my website.
The session path was /folder, later on I changed to / to fit the new purpose.
Now, old users cant login.
It seems they now have two PHPSESSIDs stored on their browsers - one with path /folder and the other /.
What can I do to ensure that old users can login while ensuring that the session is sitewide with "/".
MORE INFORMATION
When I said two phpsessionid, refer to the image
A. session_set_cookie_params(864000, '/cv', '.website.com', 0, 1);
but fails to work if I use:
B. session_set_cookie_params(864000, '/', '.website.com', 0, 1);
UPDATE ON DELETING PHPSESSID WITH JAVASCRIPT
UPDATE ON DELETING PHPSESSID WITH PHP
var_dump($_COOKIE['PHPSESSID']);
what is returned is the value of the PHPSESSID with path /cvsetcookie ("PHPSESSID", "", time() - 3600);
fails.PHP Default Session Storage (File System): In PHP, by default session data is stored in files on the server. Each file is named after a cookie that is stored on the client computer. This session cookie (PHPSESSID) presumably survives on the client side until all windows of the browser are closed.
PHPSESSID – The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. (
I think you are mixing up things or you should go into more detail about your setup/problem.
PHP's session path is the location where session data is stored on your server, not the client. See the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.save-path
You can move these files and replace/keep in case of collisions how you see fit. This is pretty much only restricted by read/write-permissions you have when accessing/moving stuff and your webserver-user (e.g. apache or nginx) or php-user has for reading/writing them from/to the new location.
If by "PHPSESSID in their browser" you mean the session id is part of your urls, that is a different PHP-setting, that should be disabled anyway, see notice in the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid
edit based on your updated question:
There already is a nice JS-based solution for expiring the old cookie. I would go with that. if you can't just do that, you could do a redirect to /cv
have a php-script there that reads the cookie and stores the data somewhere (a database for example based on the user_id) and expire the cookie. Then you can redirect to the old page, look for the "/"-cookie and restore the data. It's a very ugly hack, but I don't think you can get the cookie for each path in PHP, since it's server side and based on the session id provided by the client (but I might be wrong).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With