|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14227 header(); does not overwrite session cookie
Submitted: 2001-11-26 06:25 UTC Modified: 2002-02-03 19:41 UTC
From: joffrey at ne2000 dot nl Assigned:
Status: Not a bug Package: HTTP related
PHP Version: 4.0.6 OS: Linux 2.4.2-2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: joffrey at ne2000 dot nl
New email:
PHP Version: OS:


 [2001-11-26 06:25 UTC] joffrey at ne2000 dot nl
header("Set-Cookie: x");

does not rewrite the Set-Cookie header, nor does true or fasle as second parameter on header.

some header:

HTTP/1.1 200 OK
Date: Mon, 26 Nov 2001 11:22:46 GMT
Server: Apache/1.3.20 (Unix) AuthMySQL/2.20 PHP/4.0.7RC3 mod_ssl/2.8.4 OpenSSL/0.9.6
X-Powered-By: PHP/4.0.7RC3
Set-Cookie: PHPSESSID=018ce45ca4f6950531412d038594cc14; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: x
Content-Length: 2297
Content-Disposition: inline; filename=document.pdf
Connection: close
Content-Type: application/pdf

feature or bug? :)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-03 19:33 UTC] chris at k2labs dot org
This is actually not a bug at all. The header function allows you to write a header, basically giving you the flexibility to write any string into the HTTP headers section.

Your Set-Cookie header did actually make it into the HTTP response. If you'll look near the bottom, you can see it. The reason it didn't "overwrite" the other is mostly because it's an entirely different cookie (one named x with no attributes given). When multiple cookies are set, multiple Set-Cookie headers are sent in the response.

Though I haven't tested it, I'd be willing to bet that if you were to set a cookie named PHPSESSID instead of x, you would only see one Set-Cookie header for that cookie, and it would have the value and attributes assigned to it last.

I hope that helps to explain this behavior.
 [2002-02-03 19:41 UTC]
Thanks for the note, Chris. I've set this to Bogus for you. 


PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Apr 24 07:01:29 2024 UTC