Developers often set cookies to be accessible from the root context path (“/”). Doing so exposes the cookie to all web applications on the domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.
public function setFlashCookieObject($name, $object, $time = 60)
{
setcookie($name, json_encode($object), time() + $time, '/');
return $this;
}
{
if (isset($_COOKIE[$name])) {
$object = json_decode($_COOKIE[$name], false);
setcookie($name, '', time() - 3600, '/');
return $object;
}
A cookie with an overly broad path can be accessed through other applications on the same domain.