Why cookies are added rather than changed?

I am developing a site where each user should have their own id. When I went into the console, I saw that the id was duplicated instead of being one. Is this normal and should it be?

if (isset($_COOKIE['SESSION']) && (strlen($_COOKIE['SESSION']) === 32)) {
    $uid = $_COOKIE['SESSION'];
} else {
    $uid = openssl_random_pseudo_bytes(16);
    $uid = bin2hex($uid);
}
setcookie("SESSION", $uid, time()+(60*60*24*30));
$uid=$_COOKIE['SESSION'];

if (isset($_COOKIE['SESSION']) && (strlen($_COOKIE['SESSION']) === 32)) {

    $uid = $_COOKIE['SESSION'];

} else {

    $uid = openssl_random_pseudo_bytes(16);

    $uid = bin2hex($uid);

}

setcookie("SESSION", $uid, time()+(60*60*24*30));

$uid=$_COOKIE['SESSION'];

​

Answer

Cookies, by default, use the path of the page that they are set for.

You should explicitly set the path to / using the 4th argument to setcookie.

Aside: PHP has built-in session handling. You probably shouldn’t be reinventing the wheel.