How do I set the PATH in the PHPSESSID cookie?

Question

I have many projects running on my server all of which use PHP sessions for authentication.

Now since the PHPSESSID cookie sets the cookie path to '/' in the set-cookie header, this cookie is available throughout the domain, whereas I need it available only to the current application.

Because of this, the following problem occurs :

A user who is logged into mysite.com/application-1 automatically gets logged into

1. mysite.com/application-2
2. mysite.com/application-3
3. mysite.com/application-4

..etc

So, How do I set the path of the PHPSESSID cookie ?

Answer 1

By default the session cookie get created with the current path until you change it to save cookie on any other path or '/'.

You may tell your script to save session cookie on the project specific directory. You can use the session_set_cookie_params for this. This must be called before the session_start()

session_set_cookie_params(0,'/dirname');