Home/ Questions/Q 8945367
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T12:13:50+00:00

For each time $this->session->set_userdata() or $this->session->set_flashdata() is used in my controller, another identical Set-Cookie:

  • 0

For each time $this->session->set_userdata() or $this->session->set_flashdata() is used in my controller, another identical “Set-Cookie: ci_session=…” is added to the http header the server sends.

Multiple Set-Cookie fields, with the same cookie name, in the http header is not okay according to rfc6265.

So is there a way to use codeigniter sessions without it creating multiple identical “set-cookie:”s?

(I’ve used curl to verify the http header)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    check https://github.com/EllisLab/CodeIgniter/pull/1780

    By default when using the cookie session handler (encrypted or unencrypted), CI sends the entire "Set-Cookie" header each time a new value is written to the session. This results in multiple headers being sent to the client.

    This is a problem because if too many values are written to the session, the HTTP headers can grow quite large, and some web servers will reject the response. (see http://wiki.nginx.org/HttpProxyModule#proxy_buffer_size)

    The solution is to only run ‘sess_save()’ one time right after all other headers are sent before outputting the page contents.

    • 0