How can I limit a cookie to "/admin" on my domain?

Question

How can I make the cookie session.cookie_path only available for the module "/admin/"?

Zend Framework Code:

// Se Login?
public static function isLoggedIn() {
    $namespace = new Zend_Session_Namespace('Zend_Auth');
    $namespace->setExpirationSeconds(60*5); //5 Minutos dura una session

    $namespace->cookie_path = '/admin/'

    return Zend_Auth::getInstance()->hasIdentity();
}

I can't get PHPSESSION to have the path set to '/admin/'. PHPSESSION always has the path set to '/' in the cookie. ;-(

score 2 · Accepted Answer · answered Jan 25 '11 at 19:36

typeoneerror is almost there. You're gonna want to use the setting "cookie_path" and not "cookie_domain"

Example:

    Zend_Session::setOptions(array(
        'cookie_lifetime' => 0,
        'cookie_path'     => "/admin",
        'cookie_domain'   => ".test.com",
        'cookie_secure'   => false,
        'cookie_httponly' => true
    ));

score 1 · Answer 2 · answered Nov 24 '10 at 03:06

If I understand you correctly, you want to limit the cookie to "/admin" on the domain? you need to pass cookie_path as options to Zend_Session, not its _Namespace partner:

$settings = array("cookie_domain" => "/admin");
Zend_Session::setOptions($settings);

You can also start a session with a settings object:

Zend_Session::start($settings);

You could also store your settings in a config file:

$config = new Zend_Config_Ini('config.ini', 'development');
Zend_Session::setOptions($config->toArray());

How can I limit a cookie to "/admin" on my domain?

2 Answers2