Comment 3 for bug 1592236

Ah, now that is interesting. If the cookies have different paths, then that would indeed explain the problem. In the browser, a cookie is uniquely identified by its name, domain, and path.

Mahara is *supposed* to set the session cookie's path to be only the path portion of $CFG->wwwroot, so that all Mahara pages will use the same session cookie. Somehow your site is failing to do that under certain circumstances, and instead sending out ones with "/admin/site", which the browser then interprets as an entirely separate cookie.

Hm, it gives me something more specific to look at, but I still can't replicate it.