--- session.orig.py	2004-01-27 18:06:22.000000000 -0600
+++ session.py	2004-01-28 18:37:11.000000000 -0600
@@ -346,9 +346,16 @@
         returned to the client via 'request.response'.
         """
         config = get_publisher().config
+        if config.session_cookie_path:
+            path = config.session_cookie_path
+        else:
+            path = request.environ['SCRIPT_NAME']
+            if not path.endswith("/"):
+                path += "/"
+
         request.response.set_cookie(config.session_cookie_name, session_id,
                                     domain = config.session_cookie_domain,
-                                    path = config.session_cookie_path)
+                                    path = path)
 
     def revoke_session_cookie (self, request):
         """revoke_session_cookie(request : HTTPRequest)
@@ -359,10 +366,17 @@
         this request does not see the cookie's revoked value.
         """
         config = get_publisher().config
+        if config.session_cookie_path:
+            path = config.session_cookie_path
+        else:
+            path = request.environ['SCRIPT_NAME']
+            if not path.endswith("/"):
+                path += "/"
+
         response = request.response
         response.set_cookie(config.session_cookie_name, "",
                             domain = config.session_cookie_domain,
-                            path = config.session_cookie_path,
+                            path = path,
                             max_age = 0)
         if request.cookies.has_key(config.session_cookie_name):
             del request.cookies[config.session_cookie_name]