Yes.
The HTTP specification allows for cookies with the same name, but different paths. Unfortunately as far as I know PHP doesn't account for this, instead all it does is add all the cookies to a simple single-dimension key-value-pair array (named $_COOKIES) and makes them all available to the script regardless of whether the path matches or not.
And because it's perfectly possible for the browser to format the cookie header so as to send the valid cookie before the invalid one, when PHP processes the header, it simply overwrites any existing entry in the array resulting in the valid cookie never being available to the script.
Which is a bit shit. |
