Fixed regression with Sessions and its path. Forcing $domain when creating a new session

system/config/system.yaml

@@ -123,7 +123,7 @@ session:
   name: grav-site                           # Name prefix of the session cookie. Use alphanumeric, dashes or underscores only. Do not use dots in the session name
   secure: false                             # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
   httponly: true                            # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
-  path: ''
+  path:
 
 gpm:
   releases: stable                           # Set to either 'stable' or 'testing'

system/src/Grav/Common/Session.php

@@ -38,7 +38,10 @@ class Session extends BaseSession
         $base_url = $uri->rootUrl(false);
 
         $session_timeout = $config->get('system.session.timeout', 1800);
-        $session_path = $config->get('system.session.path', '/' . ltrim($base_url, '/'));
+        $session_path = $config->get('system.session.path');
+        if (!$session_path) {
+            $session_path = '/' . ltrim($base_url, '/');
+        }
 
         // Activate admin if we're inside the admin path.
         if ($config->get('plugins.admin.enabled')) {
@@ -56,13 +59,14 @@ class Session extends BaseSession
         }
 
         if ($config->get('system.session.enabled') || $is_admin) {
-            // Define session service.
-            parent::__construct($session_timeout, $session_path);
-
             $domain = $uri->host();
             if ($domain === 'localhost') {
                 $domain = '';
             }
+
+            // Define session service.
+            parent::__construct($session_timeout, $session_path, $domain);
+
             $secure = $config->get('system.session.secure', false);
             $httponly = $config->get('system.session.httponly', true);