From ca5bfcaaed5bd07865be140932c23ed10243ebfb Mon Sep 17 00:00:00 2001
From: Djamil Legato
Date: Thu, 25 Aug 2016 16:27:20 -0700
Subject: [PATCH] Fixed regression with Sessions and its path. Forcing $domain when creating a new session
---
 system/config/system.yaml | 2 +-
 system/src/Grav/Common/Session.php | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/system/config/system.yaml b/system/config/system.yaml
index f8241aef3..e7a79b52e 100644
--- a/system/config/system.yaml
+++ b/system/config/system.yaml
@@ -123,7 +123,7 @@ session:
 name: grav-site # Name prefix of the session cookie. Use alphanumeric, dashes or underscores only. Do not use dots in the session name
 secure: false # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
 httponly: true # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
- path: ''
+ path:
 gpm:
 releases: stable # Set to either 'stable' or 'testing'
diff --git a/system/src/Grav/Common/Session.php b/system/src/Grav/Common/Session.php
index b7594842d..6f541e022 100644
--- a/system/src/Grav/Common/Session.php
+++ b/system/src/Grav/Common/Session.php
@@ -38,7 +38,10 @@ class Session extends BaseSession
 $base_url = $uri->rootUrl(false);
 $session_timeout = $config->get('system.session.timeout', 1800);
- $session_path = $config->get('system.session.path', '/' . ltrim($base_url, '/'));
+ $session_path = $config->get('system.session.path');
+ if (!$session_path) {
+ $session_path = '/' . ltrim($base_url, '/');
+ }
 // Activate admin if we're inside the admin path.
 if ($config->get('plugins.admin.enabled')) {
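Review bot: In system/config/system.yaml the new `path:` entry is the only key in the visible `session` block without an inline description, and an empty value now has a specific meaning. Judging by the Session.php change in this commit, an empty or missing value falls back to the site's base URL path. I would add a trailing comment such as `# Session cookie path. Leave empty to use the site's base URL path`.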
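Review bot: The new fallback at `if (!$session_path)` in Session.php has no comment saying why the default was moved out of `$config->get()`. Presumably `get()` applies its default only when the key is missing, so the shipped empty `path` value would otherwise reach the cookie unchanged. I would add `// Empty or unset system.session.path falls back to the site's base path.` above the check. A configured value is passed through as-is, and browsers ignore a cookie Path that does not begin with `/`, so that requirement is worth stating in the same comment. The enclosing constructor starts and ends outside the hunk.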
@@ -56,13 +59,14 @@ class Session extends BaseSession
 }
 if ($config->get('system.session.enabled') || $is_admin) {
- // Define session service.
- parent::__construct($session_timeout, $session_path);
-
 $domain = $uri->host();
 if ($domain === 'localhost') {
 $domain = '';
 }
+
+ // Define session service.
+ parent::__construct($session_timeout, $session_path, $domain);
+
 $secure = $config->get('system.session.secure', false);
 $httponly = $config->get('system.session.httponly', true);
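Review bot: Passing `$domain` into `parent::__construct()` presumably puts an explicit Domain attribute on the session cookie, and a cookie carrying that attribute is also sent to every subdomain of the host, whereas one without it stays host-only. `$uri->host()` looks request-derived (the Uri class is not part of this diff), so the cookie's scope would follow whatever host the request names. I would make the wider scope visible here with a comment such as `// An explicit cookie domain also matches subdomains; pass '' to keep the session cookie host-only.` and consider taking the domain from site configuration instead of the request. The enclosing constructor starts and ends outside the hunk.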