Search code examples
phpcookiessession-cookiessetcookie

Why cookies are added rather than changed?

I am developing a site where each user should have their own id. When I went into the console, I saw that the id was duplicated instead of being one. Is this normal and should it be?

if (isset($_COOKIE['SESSION']) && (strlen($_COOKIE['SESSION']) === 32)) {
    $uid = $_COOKIE['SESSION'];
} else {
    $uid = openssl_random_pseudo_bytes(16);
    $uid = bin2hex($uid);
}
setcookie("SESSION", $uid, time()+(60*60*24*30));
$uid=$_COOKIE['SESSION'];

enter image description here

Solution

  • Cookies, by default, use the path of the page that they are set for.

    You should explicitly set the path to / using the 4th argument to setcookie.

    Aside: PHP has built-in session handling. You probably shouldn't be reinventing the wheel.