Set default cookie path to app's base path instead of "/".

This allows running multiple apps in subfolders under document root, without interfering with each other or potentially other non-cake apps on same domain.
cakephp · Aug 15, 2014 · ec84c26 · ec84c26
1 parent df9c6ed
commit ec84c26
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/src/Controller/Component/CookieComponent.php b/src/Controller/Component/CookieComponent.php
@@ -44,7 +44,7 @@ class CookieComponent extends Component {
  * - `path` - The path on the server in which the cookie will be available on.
  *   If path is set to '/foo/', the cookie will only be available within the
  *   /foo/ directory and all sub-directories such as /foo/bar/ of domain.
- *   The default value is the entire domain.
+ *   The default value is base path of app.
  * - `domain` - The domain that the cookie is available. To make the cookie
  *   available on all subdomains of example.com set domain to '.example.com'.
  * - `secure` - Indicates that the cookie should only be transmitted over a
@@ -58,7 +58,7 @@ class CookieComponent extends Component {
  * @var array
  */
 	protected $_defaultConfig = [
-		'path' => '/',
+		'path' => null,
 		'domain' => '',
 		'secure' => false,
 		'key' => null,
@@ -138,6 +138,10 @@ public function __construct(ComponentRegistry $collection, array $config = array
 			$this->_request = Request::createFromGlobals();
 		}
 
+		if (empty($this->_config['path'])) {
+			$this->config('path', $this->_request->base ?: '/');
+		}
+
 		if ($controller && isset($controller->response)) {
 			$this->_response = $controller->response;
 		} else {

diff --git a/src/Network/Request.php b/src/Network/Request.php
@@ -156,7 +156,13 @@ class Request implements \ArrayAccess {
  */
 	public static function createFromGlobals() {
 		list($base, $webroot) = static::_base();
-		$sessionConfig = (array)Configure::read('Session') + ['defaults' => 'php'];
+		$sessionConfig = Hash::merge(
+			[
+				'defaults' => 'php',
+				'ini' => ['session.cookie_path' => $base ?: '/']
+			],
+			(array)Configure::read('Session')
+		);
 		$config = array(
 			'query' => $_GET,
 			'post' => $_POST,
@@ -209,10 +215,6 @@ public function __construct($config = array()) {
 			'input' => null,
 		);
 
-		if (empty($config['session'])) {
-			$config['session'] = new Session();
-		}
-
 		$this->_setConfig($config);
 	}
 
@@ -227,6 +229,12 @@ protected function _setConfig($config) {
 			$config['url'] = substr($config['url'], 1);
 		}
 
+		if (empty($config['session'])) {
+			$config['session'] = new Session([
+				'ini' => ['session.cookie_path' => $config['base'] ?: '/']
+			]);
+		}
+
 		$this->url = $config['url'];
 		$this->base = $config['base'];
 		$this->cookies = $config['cookies'];