cakephp
Authentication->setIdentity isn't respecting Session.ini.session.cookie_path
Hello. I'm seeing something weird in my app right now when calling Authentication->setIdentity. The Session.ini.session.cookie_path is getting overriden with /. In Cake\Http\Session I can see an empty array sent to __construct which means this evaluates to that /.
$cookiePath = empty($config['cookiePath']) ? '/' : $config['cookiePath'];
My cookie will respect all the other ini options I'm setting in my config (cookie_samesite, cookie_lifetime), but not cookie_path.
return [
'Session' => [
'cookie' => 'cookiename.....',
'defaults' => 'database',
'ini' => [
'session.cookie_path' => "/path/",
'session.cookie_lifetime' => 60 * 60 * 24 * 3,
'session.cookie_samesite' => 'Lax',
]
]
];
cakephp/cakephp version: 4.3.10 cakephp/authentication version: 2.9.0
Since you tracked down the session construction, what is the stacktrace for the session creation? Generally it is supposed to happen during ServerRequestFactory::fromGlobals() during Http server setup, so the configuration should be present unless you are setting configuration after the request has been made.
This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}