How to avoid cross-reading between different directories under the same domain?

Question

How to avoid cross-reading between different directories under the same domain? For example,

setcookie('username', $username, strtotime('+1 months'), '/jp/', '.localdomain.com');
setcookie('username', $username, strtotime('+1 months'), '/cn/', '.localdomain.com');

When I use $_COOKIE['username'] to read the value under

/jp/

or

/cn/

respectively? I am using PHP.

Answer 1

To maintain a number of different sessions on the same domain, you need to adjust your session cookie parameters. It's like the cookie parameters but specifically for the session cookie.

Answer 2

If you set a cookie path, that cookie should apply to the path and its subdirectories only. I can see nothing in the manual that says otherwise, and if there are known problems with a function they most often are mentioned in the User Contributed Notes.

The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain . If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain . The default value is the current directory that the cookie is being set in.

• Can you confirm 100% that a cookie value set for /jp/ is available in /cn/?
• Could it be that you have an older cookie from an earlier attempt that is valid for the whole domain?
• You could try setting the cookie explicitly in /jp/index.php and /cn/index.php and see whether they still interfere. The $path argument should make this unnecessary but it's always worth a try.

Anyway, I'll bet a beer there's a old cookie somewhere or something like that.