Since version 14.177.303, Team Password Manager uses its own session cookie name: TPMSESSID.
In previous versions, PHP’s default name (PHPSESSID) was used.
Optionally, you can change the cookie name by defining the following constant in your config.php file:
define('TPM_SESSION_COOKIE', 'my_session_cookie_name');
What is the session cookie name?
When a user logs in, Team Password Manager creates a session to keep the user authenticated. The browser stores a cookie that contains the session ID, and this cookie’s name identifies it. For example, with the default configuration, the cookie name is TPMSESSID.
Why we changed it
PHP’s default session cookie name (PHPSESSID) is used by many applications.
If multiple PHP applications share the same domain or subdomain, they can end up using the same cookie name, which may cause:
- Session conflicts or unexpected logouts.
- Difficulty identifying which app a session belongs to.
- Potential security or isolation issues.
By using TPMSESSID instead, Team Password Manager keeps its sessions isolated from other PHP applications.
This improves both security and compatibility.
The cookie name is also configurable, giving administrators flexibility to adapt it to their environment or policies.
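To check whether applications on a shared domain actually collide on a session cookie name, the following added example (not part of Team Password Manager) compares Set-Cookie headers collected from each application and reports same-name cookies whose domain and path scopes overlap. The host names, application labels and header values are constructed for illustration, and a missing Path attribute is assumed to mean "/".

```python
from itertools import combinations

# Constructed sample: (app label, host that answered, Set-Cookie header value)
SAMPLE = [
    ("wiki", "intranet.example.test", "PHPSESSID=aaa111; path=/; HttpOnly"),
    ("tpm-old", "intranet.example.test", "PHPSESSID=bbb222; path=/; HttpOnly"),
    ("tpm-new", "intranet.example.test", "TPMSESSID=ccc333; path=/; HttpOnly"),
    ("shop", "shop.example.test", "PHPSESSID=ddd444; path=/; domain=.example.test"),
]

def parse_set_cookie(host, header):
    """Return (name, domain, host_only, path) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    attr = {}
    for a in attrs:
        key, _, value = a.partition("=")
        attr[key.strip().lower()] = value.strip()
    domain = attr.get("domain", "").lstrip(".").lower()
    # No Domain attribute means the cookie is host-only (RFC 6265).
    # Assumption: a missing Path is treated as "/".
    return first.split("=", 1)[0], domain or host.lower(), not domain, attr.get("path") or "/"

def domain_covers(domain, host_only, other_host):
    """True if a cookie with this scope would also be sent to other_host."""
    if host_only:
        return domain == other_host
    return other_host == domain or other_host.endswith("." + domain)

def paths_overlap(p1, p2):
    a, b = p1.rstrip("/") + "/", p2.rstrip("/") + "/"
    return a.startswith(b) or b.startswith(a)

def find_collisions(responses):
    """Return (cookie name, app, app) for every pair that shares a cookie slot."""
    cookies = [(app, host.lower(), *parse_set_cookie(host, hdr)) for app, host, hdr in responses]
    hits = []
    for c1, c2 in combinations(cookies, 2):
        app1, host1, name1, dom1, ho1, path1 = c1
        app2, host2, name2, dom2, ho2, path2 = c2
        if name1 != name2:
            continue
        shared = domain_covers(dom1, ho1, host2) or domain_covers(dom2, ho2, host1)
        if shared and paths_overlap(path1, path2):
            hits.append((name1, app1, app2))
    return hits

if __name__ == "__main__":
    for name, app_a, app_b in find_collisions(SAMPLE):
        print(f"{name}: {app_a} and {app_b} share a cookie scope")
```

In the sample, every reported pair involves PHPSESSID; the installation using TPMSESSID does not appear in any collision.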
Document changelog
Oct 15, 2025: Document created