
[BUG REPORT] HTMLy doesn't set cookie PATHs for its session IDs #1045

@mariteaux

Description
Describe the bug
Cookies generally have PATHs set to limit the scope under which they operate. HTMLy doesn't do this and conflicts with other scripts that set cookies elsewhere on the site.

To reproduce
This is currently happening on my own Web server, so mind the links, but it's pretty reproducible there.

  1. The non-HTMLy script being conflicted with is at https://cammy.somnolescent.net/aboveground/galleries/wales-2023/deported.js. This increments a little counter for every page throughout the gallery you visit. It's an in-joke with some friends, for context. (That it uses document.write and that's bad form isn't important--this site is meant to work in older browsers that only support it.) This script sets a PATH value for its cookie data to only work on that set of pages.
  2. Go to any page in that gallery--https://cammy.somnolescent.net/aboveground/galleries/wales-2023/02/ will work. "Times I got deported: 0" will appear in the footer and increment with each page load or every new page you visit.
  3. Now go to the HTMLy install on that site, at https://cammy.somnolescent.net/aboveground/galleries/wales-2023/02/. This sets a PHPSESSID cookie with no PATH specified, so its scope is across the entire site.
  4. Return to the gallery. You'll now get something to the effect of "Times I got deported: 3; PHPSESSID=" etc. One further refresh will set the counter to NaN instead.
  5. If one goes to the HTMLy install first, the PHPSESSID will already pre-populate the counter and a refresh will also result in a NaN counter.

Expected behavior
HTMLy should set a PATH on its PHP cookies for where it's actually installed on the server, not on the root of the entire site. This prevents it from conflicting with cookies set elsewhere on the same site. I could rewrite that script to truncate the cookie string before incrementing it and probably will, but HTMLy still should be setting PATHs anyway as it's good form.

HTMLy version
3.1.1

Server info

  • OS: Ubuntu 22.04.5 LTS
  • Webserver: Apache 2.4.52
  • PHP Version: 8.4
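The interaction the reproduction steps describe, as an added example that is not the reporter's deported.js and not HTMLy code: a minimal cookie jar that applies RFC 6265 path matching (and the longer-path-first ordering the Cookie header uses), a fragile counter reader that assumes document.cookie holds exactly one cookie, and a reader that looks up its own cookie by name. Assumed for the example: the gallery cookie is named `deported`, the session cookie is `PHPSESSID` with value `abc123`, PHP's default session cookie path is `/` (the `session.cookie_path` default), and `/aboveground/htmly/` is a hypothetical narrower path HTMLy could set; `CookieJar`, `scenario()` and the two counter readers are constructed for this example.

```javascript
// Added example: models the cookie-path collision from the report.
// Not code from HTMLy or from the gallery script; names are assumed.

// RFC 6265 section 5.1.4 path-match: the cookie is sent when the cookie
// path equals the request path, is a prefix ending in "/", or is a prefix
// followed by "/" in the request path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith("/")) return true;
  return requestPath[cookiePath.length] === "/";
}

// Minimal cookie store keyed by name and path, like a browser's jar.
class CookieJar {
  constructor() { this.cookies = new Map(); }
  set(name, value, path) {
    this.cookies.set(name + "|" + path, { name, value, path });
  }
  // The Cookie header a browser would send for a request to requestPath.
  // RFC 6265 section 5.4: cookies with longer paths are listed first.
  headerFor(requestPath) {
    return [...this.cookies.values()]
      .filter(c => pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Fragile reader: splits on the first "=" and assumes the remainder is the
// counter. Once a second cookie is in scope it reads "3; PHPSESSID" -> NaN.
function naiveCounter(cookieHeader) {
  return Number(cookieHeader.split("=")[1]);
}

// Robust reader: parse name=value pairs and pick only the cookie we own.
function readCookie(cookieHeader, name) {
  for (const part of cookieHeader.split("; ")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq) === name) {
      return decodeURIComponent(part.slice(eq + 1));
    }
  }
  return null;
}
function safeCounter(cookieHeader) {
  const n = Number.parseInt(readCookie(cookieHeader, "deported") ?? "0", 10);
  return Number.isNaN(n) ? 0 : n;
}

// Run one page load of the gallery with the session cookie scoped to
// sessionPath: "/" (PHP's default) or a path limited to the HTMLy install.
function scenario(sessionPath) {
  const GALLERY = "/aboveground/galleries/wales-2023/";
  const jar = new CookieJar();
  jar.set("deported", "3", GALLERY);          // set by the gallery script
  jar.set("PHPSESSID", "abc123", sessionPath); // set by PHP for HTMLy (assumed value)
  const header = jar.headerFor(GALLERY + "02/");
  return {
    header,
    naive: naiveCounter(header) + 1, // what a one-cookie assumption yields
    safe: safeCounter(header) + 1,   // what a name-scoped lookup yields
  };
}

console.log("Path=/                 ->", scenario("/"));
console.log("Path=/aboveground/htmly/ ->", scenario("/aboveground/htmly/"));
```

With the session cookie on `/`, the gallery request carries `deported=3; PHPSESSID=abc123` and the fragile reader produces NaN; with the session cookie confined to the install directory, the gallery request carries only `deported=3`. In PHP the cookie scope is controlled by the `session.cookie_path` ini setting or `session_set_cookie_params()` before `session_start()`, and a client-side script should in any case parse its own cookie by name rather than treating `document.cookie` as a single value, since any cookie whose path covers the page will appear in it.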
