I'm helping a web developer with an issue. For all we know it's been happening for years and just now came to light because of a CloudFlare appliance that is now flagging things because the http header is too large. What we've found so far is that more cookies are being delivered in the header than there should be. There should be only one. When I watch the cookies in the Chrome Developer there's only one cookie being sent to the browser. But, in the http header there are many. An example is below but I shortened the cookies to save space. This example had 6, other pages have more. I'm not sure what the maximum is but total bytes are the problem for CloudFlare. One session we analyzed had 36 KB in the header vs. the 8 KB allowed by CloudFlare.
I also think the site is running a very old version of CodeIgniter. Likely v1.x and upgrading that isn't an option at this time. (I will be an option this summer.)
Anybody have any suggestions?
Thanks!
-Farren
HTTP/1.1 200 OK
Date: Thu, 20 Feb 2020 17:31:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: auth_cookie=1d316b6aca274faaf02b84f26c0af979; expires=Thu, 20-Feb-2020 19:31:55 GMT; Max-Age=7200; path=/; secure
Access-Control-Allow-Origin: cbgrad.com
Set-Cookie: cisession=E8%2Fx%; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Set-Cookie: cisession=Ik0ohGO; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Set-Cookie: cisession=1bB2p7Z; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Set-Cookie: cisession=bO284kF; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Set-Cookie: cisession=2ByxN9r; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Set-Cookie: cisession=BMIliRN; expires=Thu, 27-Feb-2020 17:31:55 GMT; Max-Age=604800; path=/; secure; httponly
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
