[eluser]skunkbad[/eluser]
[quote author="WanWizard" date="1350574225"]I don't build CI applications anymore, so no real incentive to spend more time looking into it at the moment.[/quote]
I know you mentioned your struggling with a PyroCMS application, so I was wondering if my proposed code might fix that. All it does is remove all but the last set-cookie from the response header. One side effect is that since setcookie() is indirectly called manually through a post controller hook, instances where I was echoing out some json in controllers that output ajax responses had to be changed to use Output->set_output() instead of echo. Obviously it's not possible to send a header after output is sent to the browser.
If the issue is just that browser X is too stupid to pick the last set-cookie in the header, then assuming the last one is the right one, my code would give the browser only a single choice. In my testing everything seemed to work fine, but I never had any issues with sessions, so I'm not sure if I fixed the issue or not.