JAIL_COOKIES config directive.

inc/config.php

@@ -17,12 +17,14 @@
 
 	// The name of the session cookie (PHP's $_SESSION)
 	define('SESS_COOKIE',	'imgboard', true);
-
+	
 	// Used to safely determine when the user was first seen, to prevent floods.
 	// time()
 	define('TIME_COOKIE',	'arrived', true);
 	// HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification.
 	define('HASH_COOKIE',	'hash', true);
+	// Where to set the 'path' parameter to ROOT when creating cookies. Recommended.
+	define('JAIL_COOKIES',	true,	true);
 
 	// How long should the cookies last (in seconds)
 	define('COOKIE_EXPIRE',	15778463, true); //6 months

inc/user.php

@@ -1,14 +1,21 @@
 <?php
 	
+	// Set the session name.
 	session_name(SESS_COOKIE);
-	session_start();
 	
+	// Set session parameters
+	session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/');
+	
+	// Start the session
+	session_start(COOKIE_EXPIRE);
+	
+	// Session creation time
 	if(!isset($_SESSION['created'])) $_SESSION['created'] = time();
 	
 	if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) {
 		$time = time();
-		setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, '/', null, false, true);
+		setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
-		setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, '/', null, false, true);
+		setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
 		$user = Array('valid' => false, 'appeared' => $time);
 	} else {
 		$user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]);