0340Cannot peek at sessions table without outputting Set-Cookie header
This causes cookiewalls to appear on many websites, even ones that only need cookies for managing administrator access and not for tracking regular visitors.
This seems to be a feasonable yet cumbersome workaround I found on the web, to wipe the cookie after any session_start():
$_SESSION = array();
if (session_id() !== "") {
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(
session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
}
header_remove("Set-Cookie");
header_remove("X-Powered-By");
Another option seems to be creating a custom session database, which is even more cumbersome.