diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf
index c238bab2..89392a07 100644
--- a/conf/nginx-alldomains.conf
+++ b/conf/nginx-alldomains.conf
@@ -42,6 +42,8 @@
 		fastcgi_split_path_info ^/mail(/.*)()$;
 		fastcgi_index index.php;
 		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
+        # ensure roudcube session id's aren't leaked to other parts of the server
+		fastcgi_param PHP_VALUE "session.cookie_path=/mail/";
 		fastcgi_pass php-fpm;
 
 		# Outgoing mail also goes through this endpoint, so increase the maximum
diff --git a/setup/webmail.sh b/setup/webmail.sh
index b8d9d08e..d93fff45 100644
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -141,8 +141,6 @@ cat > $RCM_CONFIG <<EOF;
 \$config['login_username_filter'] = 'email';
 \$config['password_charset'] = 'UTF-8';
 \$config['junk_mbox'] = 'Spam';
-/* ensure roudcube session id's aren't leaked to other parts of the server */
-\$config['session_path'] = '/mail/';
 /* prevent CSRF, requires php 7.3+ */
 \$config['session_samesite'] = 'Strict';
 \$config['quota_zero_as_unlimited'] = true;