-SESSION_KEY="$(update_session)"
-SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%% *}"
+SESSION_COOKIE() {
+ [ "$1" = new ] && new_session
+ SET_COOKIE 0 session="$SESSION_KEY" Path="/${_BASE#/}" SameSite=Strict HttpOnly
+}
+
+update_session || new_session