Authentication->setIdentity isn't respecting Session.ini.session.cookie_path

[patrickconroy]

Hello. I'm seeing something weird in my app right now when calling Authentication->setIdentity. The Session.ini.session.cookie_path is getting overriden with /. In Cake\Http\Session I can see an empty array sent to __construct which means this evaluates to that /.

$cookiePath = empty($config['cookiePath']) ? '/' : $config['cookiePath'];

My cookie will respect all the other ini options I'm setting in my config (cookie_samesite, cookie_lifetime), but not cookie_path.

return [
    'Session' => [
        'cookie' => 'cookiename.....',
        'defaults' => 'database',
        'ini' => [
            'session.cookie_path' => "/path/",
            'session.cookie_lifetime' => 60 * 60 * 24 * 3,
            'session.cookie_samesite' => 'Lax',
        ]
    ]
];

cakephp/cakephp version: 4.3.10
cakephp/authentication version: 2.9.0

[markstory]

Since you tracked down the session construction, what is the stacktrace for the session creation? Generally it is supposed to happen during ServerRequestFactory::fromGlobals() during Http server setup, so the configuration should be present unless you are setting configuration after the request has been made.

[othercorey]

@patrickconroy Can you follow up on this?

[github-actions]

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days

[dereuromark]

Is this still valid?