Duplicated “set-cookie: ci-session” fields in header by codeigniter

Question

For each time $this->session->set_userdata() or $this->session->set_flashdata() is used in my controller, another identical "Set-Cookie: ci_session=..." is added to the http header the server sends.

Multiple Set-Cookie fields, with the same cookie name, in the http header is not okay according to rfc6265.

So is there a way to use codeigniter sessions without it creating multiple identical "set-cookie:"s?

(I've used curl to verify the http header)

Answer 1

check https://github.com/EllisLab/CodeIgniter/pull/1780

By default when using the cookie session handler (encrypted or unencrypted), CI sends the entire "Set-Cookie" header each time a new value is written to the session. This results in multiple headers being sent to the client.

This is a problem because if too many values are written to the session, the HTTP headers can grow quite large, and some web servers will reject the response. (see http://wiki.nginx.org/HttpProxyModule#proxy_buffer_size)

The solution is to only run 'sess_save()' one time right after all other headers are sent before outputting the page contents.

Answer 2

I believe you can pass an array to $this->session->set_userdata(); I haven't tested this code so it is merely a suggestion to try something along these lines:

$data = array(
    'whatever' => 'somevalue',
    'youget' => 'theidea'
);

$this->session->set_userdata($data);

NB: When I say I haven't tested the code.. I have used this code and I know it works, I mean I havent tested if it will reduce the amount of headers sent.

Answer 3

In my case, the error is in the browser (Chrome). It stored 2 cookie and send both to server, this make server create new session all the time. I fixed it by clear the cookies in browser. Hope it help someone. :)