JWT session cookie not gets set for path='/' by default, also jwt_session_destroy() will immediatly remove cookie

Author: luca-vogels

scripts/jwt-session.php

@@ -277,9 +277,10 @@ function jwt_session_store($jsonObj=null, $cookieName="jwt", $cookieExpire=0, $c
         if(is_null($jsonObj)) $jsonObj = $_SESSION;
         $jwt = jwt_encode($jsonObj);
         if(!$jwt) return;
-        $cookieOptions['expires'] = $cookieExpire;
-        $cookieOptions['secure'] = is_null($cookieSecure) ? $_ENV['JWT_HTTPS_ONLY'] : $cookieSecure;
-        $cookieOptions['httponly'] = $cookieHttpOnly;
+        if(!isset($cookieOptions['expires'])) $cookieOptions['expires'] = $cookieExpire;
+        if(!isset($cookieOptions['secure'])) $cookieOptions['secure'] = is_null($cookieSecure) ? $_ENV['JWT_HTTPS_ONLY'] : $cookieSecure;
+        if(!isset($cookieOptions['httponly'])) $cookieOptions['httponly'] = $cookieHttpOnly;
+        if(!isset($cookieOptions['path']))$cookieOptions['path'] = "/";
         setcookie($cookieName, $jwt, $cookieOptions);
     }
 
@@ -289,6 +290,6 @@ function jwt_session_store($jsonObj=null, $cookieName="jwt", $cookieExpire=0, $c
      */
     function jwt_session_destroy($cookieName="jwt"){
         unset($_COOKIE[$cookieName]);
-        setcookie($cookieName, null, -1, '/');
+        setcookie($cookieName, "", time()-3600, '/');
     }
 ?>