Fix Cookie Prefix

system/Helpers/cookie_helper.php

@@ -61,9 +61,9 @@ function set_cookie(
      *
      * @see \CodeIgniter\HTTP\IncomingRequest::getCookie()
      */
-    function get_cookie($index, bool $xssClean = false)
+    function get_cookie($index, bool $xssClean = false, ?string $prefix = null)
     {
-        $prefix  = isset($_COOKIE[$index]) ? '' : config(App::class)->cookiePrefix;
+        $prefix ??= config(App::class)->cookiePrefix;
         $request = Services::request();
         $filter  = $xssClean ? FILTER_SANITIZE_FULL_SPECIAL_CHARS : FILTER_DEFAULT;
 

system/Session/Handlers/BaseHandler.php

@@ -119,7 +119,7 @@ public function __construct(AppConfig $config, string $ipAddress)
     protected function destroyCookie(): bool
     {
         return setcookie(
-            $this->cookieName,
+            config('App')->cookiePrefix . $this->cookieName,
             '',
             ['expires' => 1, 'path' => $this->cookiePath, 'domain' => $this->cookieDomain, 'secure' => $this->cookieSecure, 'httponly' => true]
         );

system/Session/Session.php

@@ -227,14 +227,16 @@ public function start()
             return;
         }
 
+        $cookieName = $this->cookie->getPrefixedName();
+
         $this->configure();
         $this->setSaveHandler();
 
         // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers
-        if (isset($_COOKIE[$this->sessionCookieName])
-            && (! is_string($_COOKIE[$this->sessionCookieName]) || ! preg_match('#\A' . $this->sidRegexp . '\z#', $_COOKIE[$this->sessionCookieName]))
+        if (isset($_COOKIE[$cookieName])
+            && (! is_string($_COOKIE[$cookieName]) || ! preg_match('#\A' . $this->sidRegexp . '\z#', $_COOKIE[$cookieName]))
         ) {
-            unset($_COOKIE[$this->sessionCookieName]);
+            unset($_COOKIE[$cookieName]);
         }
 
         $this->startSession();
@@ -251,7 +253,7 @@ public function start()
         }
         // Another work-around ... PHP doesn't seem to send the session cookie
         // unless it is being currently created or regenerated
-        elseif (isset($_COOKIE[$this->sessionCookieName]) && $_COOKIE[$this->sessionCookieName] === session_id()) {
+        elseif (isset($_COOKIE[$cookieName]) && $_COOKIE[$cookieName] === session_id()) {
             $this->setCookie();
         }
 
@@ -271,7 +273,7 @@ public function start()
     public function stop()
     {
         setcookie(
-            $this->sessionCookieName,
+            $this->cookie->getPrefixedName(),
             session_id(),
             ['expires' => 1, 'path' => $this->cookie->getPath(), 'domain' => $this->cookie->getDomain(), 'secure' => $this->cookie->isSecure(), 'httponly' => true]
         );
@@ -286,10 +288,12 @@ public function stop()
      */
     protected function configure()
     {
-        if (empty($this->sessionCookieName)) {
-            $this->sessionCookieName = ini_get('session.name');
+        $cookieName = $this->cookie->getPrefixedName();
+
+        if (empty($cookieName)) {
+            $cookieName = ini_get('session.name');
         } else {
-            ini_set('session.name', $this->sessionCookieName);
+            ini_set('session.name', $cookieName);
         }
 
         $sameSite = $this->cookie->getSameSite() ?: ucfirst(Cookie::SAMESITE_LAX);

user_guide_src/source/helpers/cookie_helper.rst

@@ -39,10 +39,11 @@ The following functions are available:
     a description of its use, as this function is an alias for
     :php:func:`Response::setCookie() <setCookie>`.
 
-.. php:function:: get_cookie($index[, $xssClean = false])
+.. php:function:: get_cookie($index[, $xssClean = false[, $prefix = null]])
 
     :param    string    $index: Cookie name
     :param    bool    $xssClean: Whether to apply XSS filtering to the returned value
+    :param  string  $prefix: A custom prefix to overwrite what is set in the App Config
     :returns:    The cookie value or null if not found
     :rtype:    mixed