From 601990d59b6d0a22b4f0d09db72a7adf361003a8 Mon Sep 17 00:00:00 2001
From: Andy Miller <rhuk@mac.com>
Date: Sat, 3 Nov 2018 14:36:51 -0600
Subject: [PATCH] Set session name based on `security.salt` rather than
 `GRAV_ROOT` #2242

---
 CHANGELOG.md                                              | 1 +
 system/src/Grav/Common/Service/SessionServiceProvider.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ec4573e92..d86d40c67e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
     * Make `Data` class to extend `JsonSerializable`
     * Modified debugger icon to use retina space-dude version
     * Added missing `Video::preload()` method
+    * Set session name based on `security.salt` rather than `GRAV_ROOT` [#2242](https://github.com/getgrav/grav/issues/2242)
     * Added option to configure list of `xss_invalid_protocols` in `Security` config [#2250](https://github.com/getgrav/grav/issues/2250)
     * Smarter `security.salt` checking now we use `security.yaml` for other options
 
diff --git a/system/src/Grav/Common/Service/SessionServiceProvider.php b/system/src/Grav/Common/Service/SessionServiceProvider.php
index 529c8047e5..3472977c4f 100644
--- a/system/src/Grav/Common/Service/SessionServiceProvider.php
+++ b/system/src/Grav/Common/Service/SessionServiceProvider.php
@@ -68,7 +68,7 @@ public function register(Container $container)
             }
 
             $inflector = new Inflector();
-            $session_name = $inflector->hyphenize($config->get('system.session.name', 'grav_site')) . '-' . substr(md5(GRAV_ROOT), 0, 7);
+            $session_name = $inflector->hyphenize($config->get('system.session.name', 'grav-site')) . '-' . md5($config->get('security.salt'));
             if ($is_admin && $config->get('system.session.split', true)) {
                 $session_name .= '-admin';
             }