In my current application, the PHPSESSID Cookie is sent multiple times. Here is an example response:
HTTP/1.1 200 OK Date: Tue, 11 Jun 2013 08:18:29 GMT Server: Apache/2.2.17 (Ubuntu) X-Powered-By: PHP/5.3.15-1~dotdeb.0 Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/ PHPSESSID=625qvi6328pdq2t7psh4t3voi6; path=/ PHPSESSID=625qvi6328pdq2t7psh4t3voi6; path=/ PHPSESSID=625qvi6328pdq2t7psh4t3voi6; path=/ Cache-Control: no-cache x-debug-token: 9dcc688323f1dad273d4c8fc7117f405a52ce998 Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=ISO-8859-1
As you can see, there are three PHPSESSIDs.
I tried to reproduce this behavior with a single file with three calls to session_start(); :
<?php session_start(); session_start(); session_start();
but a cookie is only sent once.
Any idea how this could happen?
source share