Move session.cookie_path variable for Roundcube to Nginx config

This preserves the security of the default configuration while allowing greater flexibility for advanced configurations

Author: MrWinux

conf/nginx-alldomains.conf

@@ -42,6 +42,8 @@
 		fastcgi_split_path_info ^/mail(/.*)()$;
 		fastcgi_index index.php;
 		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
+        # ensure roudcube session id's aren't leaked to other parts of the server
+		fastcgi_param PHP_VALUE "session.cookie_path=/mail/";
 		fastcgi_pass php-fpm;
 
 		# Outgoing mail also goes through this endpoint, so increase the maximum

setup/webmail.sh

@@ -141,8 +141,6 @@ cat > $RCM_CONFIG <<EOF;
 \$config['login_username_filter'] = 'email';
 \$config['password_charset'] = 'UTF-8';
 \$config['junk_mbox'] = 'Spam';
-/* ensure roudcube session id's aren't leaked to other parts of the server */
-\$config['session_path'] = '/mail/';
 /* prevent CSRF, requires php 7.3+ */
 \$config['session_samesite'] = 'Strict';
 \$config['quota_zero_as_unlimited'] = true;