Why do I have two session identifiers in my header?

I use PHP 5.3, Apache 2.2, and Zend Framework 1.11, and when I make a curl request, I have two Set-Cookie headers with two different session identifiers.

Any ideas?

> POST /api/register HTTP/1.1
> Authorization: Basic Ymd1ZXJ0eQ==
> Host: api.domain.tld
> Accept: */*
> Content-Length: 66
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Date: Wed, 07 Dec 2011 13:27:07 GMT
< Server: Apache
< X-Powered-By: PHP/5.3.8
< Set-Cookie: SESSID=vtvackh55bj1up3ouoq4bhk545; expires=Thu, 06-Dec-2012 19:15:53 GMT; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Set-Cookie: SESSID=79a1g98e0pkqlq8fo7elpe9492; expires=Thu, 06-Dec-2012 19:15:53 GMT; path=/
< Vary: Accept-Encoding,User-Agent
< Content-Length: 128
< Content-Type: application/json
1 answer

Your server application emits a Set-Cookie header twice. This can come from anywhere; it is impossible to say without seeing the whole code.

Look for things that relate to session processing. If there is third-party code, disable it and check if the problem persists.

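A check for the symptom in the question, as an added example that is not part of the original question or answer: it reads `curl -v` output for one response and reports any cookie that the response sets more than once in the same scope, which RFC 6265 says servers should not do. The function names are hypothetical, and the sample is trimmed from the headers quoted in the question, with a constructed `lang` cookie added as a control.

```python
from collections import defaultdict

# Sample input: trimmed from the response in the question; the "lang" cookie is constructed.
SAMPLE = """\
> POST /api/register HTTP/1.1
< HTTP/1.1 200 OK
< Set-Cookie: SESSID=vtvackh55bj1up3ouoq4bhk545; expires=Thu, 06-Dec-2012 19:15:53 GMT; path=/
< Cache-Control: no-store, no-cache, must-revalidate
< Set-Cookie: SESSID=79a1g98e0pkqlq8fo7elpe9492; expires=Thu, 06-Dec-2012 19:15:53 GMT; path=/
< Set-Cookie: lang=en; path=/
< Content-Type: application/json
"""

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    pair, *attr_parts = value.split(";")
    name, _, val = pair.strip().partition("=")
    attrs = {}
    for part in attr_parts:
        key, _, attr_val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = attr_val
    return name, val, attrs

def response_cookies(transcript):
    """Yield parsed cookies from the response side of curl -v output or raw headers."""
    for line in transcript.splitlines():
        if line.startswith(">"):          # request header sent by curl, not the server
            continue
        header, sep, value = line.lstrip("< ").partition(":")
        if sep and header.strip().lower() == "set-cookie":
            yield parse_set_cookie(value)

def duplicate_cookies(transcript):
    """Map (name, domain, path) to the values of cookies set more than once."""
    seen = defaultdict(list)
    for name, val, attrs in response_cookies(transcript):
        scope = (name, attrs.get("domain", "").lower(), attrs.get("path", ""))
        seen[scope].append(val)
    return {scope: vals for scope, vals in seen.items() if len(vals) > 1}

if __name__ == "__main__":
    for (name, domain, path), vals in duplicate_cookies(SAMPLE).items():
        distinct = len(set(vals))
        print(f"{name} (path={path or '-'}) set {len(vals)} times, {distinct} distinct values")
```

Run it against the response before and after disabling each piece of session-related code; the component whose removal makes the report empty is the one emitting the second header.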

Source: https://habr.com/ru/post/1385116/

