Comment 0 for bug 1446036

For the new Ajax progress bar, Bug 1352028, we changed htdocs/auth/session.php so that it closes the PHP session when not in use. This was necessary in order to allow multiple requests to the same session to process simultaneously; PHP by default locks the session between the time you call session_start() and session_write_close().

The downside to this approach, though, is that every time you call session_start(), PHP adds a new (duplicate) PHP_SESS_ID cookie to the request header. Since we open and close the session every time we call $SESSION->set() now, this can lead to a very large cookie header.

On our hosting environment, these headers got too large and started causing our Nginx proxy server to throw errors while trying to initiate an MNet connection. This causes the proxy server to throw a 500 error, and to log an error like this:

2015/04/20 14:59:03 [error] 14845#0: *137093286 upstream sent too big header while reading response header from upstream, client: 2404:130:0:1000:61f4:7e47:8a26:821, server: master-mahara.catalystdemo.net.nz, request: "GET /auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl= HTTP/1.1", upstream: "http://202.78.243.12:9226/auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl=", host: "master-mahara.catalystdemo.net.nz"