php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25894 session_start() sending a cookie every time
Submitted: 2003-10-17 05:32 UTC Modified: 2003-10-17 09:35 UTC
From: tom at scl dot co dot uk Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.3 OS: Linux 2.4.18
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tom at scl dot co dot uk
New email:
PHP Version: OS:

 

 [2003-10-17 05:32 UTC] tom at scl dot co dot uk 
Description:
------------
The session_start() function seems to be sending the session cookie to the browser every time, even if the browser has already got a cookie and has submitted it to the script.

This, along with being a pretty pointless thing to do, also makes it imposible to delete a session cookie after the session_start() has been called as all the browsers I have tried this with seem to ignore a request to delete a cookie if the same cookie has been set before hand in the same request.

Reproduce code:
---------------
<?php
session_start();
?>

Expected result:
----------------
The cookie would be sent to the browser the first time you run the script but all following requests should not send a cookie to the browser because it has already got it.

Actual result:
--------------
A cookie is sent to the browser one every request for the page.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-17 08:33 UTC] sniper@php.net 
This is by design. Cookie lifetime would not work very well otherwise.
 [2003-10-17 08:55 UTC] tom at scl dot co dot uk 
Since when? This never used to be the case in previous versions of PHP, at least not with session cookies which have a lifetime of 0 anyway so why would it matter, I have never used pesistent cookies with php native sessions so I don't know how they behave but maybe I should have pointed out originally that I am using session cookies.

This also makes it impossible to delete the cookie!

And for people with browsers set to warn before recieving a cookie it is a major irritation having to go through the warning dialog on every page hit.

This change has cause quite a substantial amount of my code to break and I'm sure I can be the only person experiencing problems with these changes.
 [2003-10-17 08:57 UTC] sniper@php.net 
Bullshit, I just wrote a logout function in which I delete the cookie and it works just fine.
 [2003-10-17 09:35 UTC] tom at scl dot co dot uk 
I appologise, deleting the cookie is possible but it is still both pointless pointless & annoying to be sending a cookie every time with "session" cookies.
 [2004-02-20 18:08 UTC] pweis at pweis dot com 
I just stumbled over the same problem. PHP sends a Set-Cookie header every time a page is requested. This might make some sense for lifetime > 0, but definitely not for lifetime == 0. This is especially annoying for users that don't accept cookies automatically. Right now, they have to accept a new cookie for every page.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Dec 06 16:00:01 2025 UTC