From 278669c548e427182ba7098811bc74c368108acc Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Fri, 15 May 2015 15:12:16 +0200
Subject: [PATCH] limit cookie path to baseurl by default

---
 app/Session.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Session.php b/app/Session.php
index f2a5dbd..af1b8e7 100644
--- a/app/Session.php
+++ b/app/Session.php
@@ -8,7 +8,8 @@ use http\Params;
 
 class Session implements ArrayAccess
 {
-	function __construct(Config $config, Response $response) {
+	function __construct(Config $config, BaseUrl $baseUrl, Response $response) {
+		ini_set("session.cookie_path", $baseUrl->path);
 		foreach ($config->session as $key => $val) {
 			ini_set("session.$key", $val);
 		}
-- 
2.30.2