Line 44 in session/session_component.php can cause FireFox 2 and IE 7 to set multiple session cookies when interfacing with pages outside of Zoop App if it is in a sub folder. The line sets the cookie params for a specific path using $_SERVER['SCRIPT_NAME'], but if you are using session cookies they should be valid for folders in which you require sessions. On my site all session cookies are valid for '/' and zoop exists in a subfolder. When you visit http://www.null.com you get the first cookie then when you move to http://www.null.com/zoop you get a session cookie param for the path $_SERVER['SCRIPT_NAME'] you end up with two PHPSESSION cookies. FireFox and IE 7 will send a header line with a PHPSESSION at the beginning and end of the cookie header, but php only takes the first one which is usually contains no useful information. Drupal I believe has similar issues with double session cookies which they patched.

There are a couple way to fix this first is to change $_SERVER['SCRIPT_NAME'] to ini_get('session.cookie_path')' and the second is just to comment out the line all together which works if you have session.cookie_lifetime set in the php.ini since it is accomplishing the same end result.

The details of recreating this issue can be complex as they require that the root folder have output buffer on and the zoop app have output buffer off.

//session_component.php line 44
session_set_cookie_params(ini_get('session.cookie_lifetime'), $_SERVER['SCRIPT_NAME']);

//php.ini section with session cookies set if line 44 is commented out
; Name of the session (used as cookie name).
session.name = PHPSESSID
 
; Initialize session on request startup.
session.auto_start = 0
 
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 3600
 
; The path for which the cookie is valid.
session.cookie_path = /
 
; The domain for which the cookie is valid.
session.cookie_domain = .enteryourdomain.com