PHP :: Bug #14227 :: header(); does not overwrite session cookie

Bug #14227	header(); does not overwrite session cookie
Submitted:	2001-11-26 06:25 UTC	Modified:	2002-02-03 19:41 UTC
From:	joffrey at ne2000 dot nl	Assigned:
Status:	Not a bug	Package:	HTTP related
PHP Version:	4.0.6	OS:	Linux 2.4.2-2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	joffrey at ne2000 dot nl
New email:
PHP Version:		OS:

New Comment:

[2001-11-26 06:25 UTC] joffrey at ne2000 dot nl

<?php
session_start();
header("Set-Cookie: x");
?>

does not rewrite the Set-Cookie header, nor does true or fasle as second parameter on header.

some header:

HTTP/1.1 200 OK
Date: Mon, 26 Nov 2001 11:22:46 GMT
Server: Apache/1.3.20 (Unix) AuthMySQL/2.20 PHP/4.0.7RC3 mod_ssl/2.8.4 OpenSSL/0.9.6
X-Powered-By: PHP/4.0.7RC3
Set-Cookie: PHPSESSID=018ce45ca4f6950531412d038594cc14; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: x
Content-Length: 2297
Content-Disposition: inline; filename=document.pdf
Connection: close
Content-Type: application/pdf


feature or bug? :)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-03 19:33 UTC] chris at k2labs dot org

This is actually not a bug at all. The header function allows you to write a header, basically giving you the flexibility to write any string into the HTTP headers section.

Your Set-Cookie header did actually make it into the HTTP response. If you'll look near the bottom, you can see it. The reason it didn't "overwrite" the other is mostly because it's an entirely different cookie (one named x with no attributes given). When multiple cookies are set, multiple Set-Cookie headers are sent in the response.

Though I haven't tested it, I'd be willing to bet that if you were to set a cookie named PHPSESSID instead of x, you would only see one Set-Cookie header for that cookie, and it would have the value and attributes assigned to it last.

I hope that helps to explain this behavior.

[2002-02-03 19:41 UTC] torben@php.net

Thanks for the note, Chris. I've set this to Bogus for you. 
:)


Torben

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 21:00:02 2025 UTC