From 2cf7b27ba3ab6d54921e97236ed04969ec56c1ad Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 20 Oct 2017 08:47:56 +0200
Subject: [PATCH] Support empty path scope for cookies to restrict to current directory
---
 Migration.md | 8 ++++++++
 src/Auth.php | 8 ++------
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/Migration.md b/Migration.md
index 6e50dab..d930549 100644
--- a/Migration.md
+++ b/Migration.md
@@ -54,6 +54,14 @@ $ composer update delight-im/auth
 Then the domain scope for [one of the cookies](#cookies) used by this library has changed. To make your application work correctly with the new scope, [rename the cookies](#renaming-the-librarys-cookies) used by this library in order to prevent conflicts with old cookies that have been created previously. Renaming the cookies is critically important here. We recommend a versioned name such as `session_v1` for the session cookie.
+ * If the directive `session.cookie_path` is set to an empty value, then the path scope for [one of the cookies](#cookies) used by this library has changed. To make your application work correctly with the new scope, [rename the cookies](#renaming-the-librarys-cookies) used by this library in order to prevent conflicts with old cookies that have been created previously. Renaming the cookies is critically important here. We recommend a versioned name such as `session_v1` for the session cookie.
+
+ The directive may have been set directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. You can check the value of that directive by executing the following statement somewhere in your application:
+
+ ```php
+ \var_dump(\ini_get('session.cookie_path'));
+ ```
+
 ## From `v5.x.x` to `v6.x.x`
 * The database schema has changed.
diff --git a/src/Auth.php b/src/Auth.php
index ffe234c..97b9751 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -453,9 +453,7 @@ final class Auth extends UserManager {
 $cookie->setValue($content);
 $cookie->setExpiryTime($expires);
- if (!empty($params['path'])) {
- $cookie->setPath($params['path']);
- }
+ $cookie->setPath($params['path']);
 $cookie->setDomain($params['domain']);
 $cookie->setHttpOnly($params['httponly']);
@@ -545,9 +543,7 @@ final class Auth extends UserManager {
 // cause the session cookie to be deleted
 $cookie = new Cookie(\session_name());
- if (!empty($params['path'])) {
- $cookie->setPath($params['path']);
- }
+ $cookie->setPath($params['path']);
 $cookie->setDomain($params['domain']);
 $cookie->setHttpOnly($params['httponly']);
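Review bot: Both hunks (the cookie-set path at 453 and the session-cookie deletion at 545) now pass `$params['path']` to `setPath()` unconditionally, so an empty `session.cookie_path` reaches the Cookie object, and the intended "current directory" scope is only achieved if `Cookie::setPath('')` omits the `Path` attribute entirely rather than emitting `Path=` with an empty value — the hunk does not show which, so this should be confirmed against the Cookie library and pinned with a test. Because the browser then derives the default path from the request URI (RFC 6265 §5.1.4), the effective scope depends on the URL that set the cookie, and the deletion in the second hunk only clears the session cookie if it runs under a URL in the same directory; a comment above the call would make that contract explicit, e.g. `// an empty path is deliberately passed through: the browser then scopes the cookie to the directory of the request URI (RFC 6265 §5.1.4), so set and delete must run under the same directory`. Note that the cookie `Path` attribute is not a security boundary — other paths on the same origin can still read the cookie — so the "restrict" wording in the commit title should not be read as isolation between applications on one host. The enclosing methods start and end outside both hunks.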