For data security and privacy reasons I want to know why Magento uses two cookies for one frontend session.
All I know is that one of them is being set in Mage_Core_Model_Cookie::set(..) and the other one in Zend_Session::expireSessionCookie(), but still I can’t seem to figure out what they are used for.
I just can’t think of any reason why one would need a second cookie for the same domain.
I was able to fix this by reversing the order of the session_start() call and the statement that sets the cookie in Mage_Core_Model_Session_Abstract_Varien::start(..). Those two lines now look like this:
It now only creates one single cookie and it does not seem to have any side-effects.
BTW: The other cookie was not created in Zend_Session as I assumed, but instead both of them came from Mage_Core_Model_Session_Abstract_Varien::start(..).