Reputation: 5169
I have this code in an assets controller to get images:

```php
function images($path, $image_name)
{
    $image = "../assets/images/$path/$image_name";
    if (file_exists($image) && is_file($image)) {
        $name = $image_name;
    } else {
        // Nothing to serve: stop here instead of reading a missing file.
        http_response_code(404);
        return;
    }
    // getimagesize() supplies the MIME type used in Content-Type.
    $file = getimagesize($image);
    $filesize = filesize($image);
    // Cache lifetime in seconds, used for both Expires and max-age.
    $time_cache = 360000000000;
    $ts = gmdate("D, d M Y H:i:s", time() + $time_cache) . " GMT";
    header("Content-Type: {$file['mime']}\n");
    header("Content-disposition: inline; filename=\"$name\"\n");
    header("Content-Length: $filesize\n");
    header("Expires: $ts");
    header("Pragma: cache");
    header("Cache-Control: max-age=$time_cache");
    readfile($image);
}
```
I have set csrf protection to true in the `config/config.php` file, and every request for an image is sent with a `Set-Cookie` header. So the csrf cookie can get set multiple times on some pages. Is that something to worry about, and if so, is there a way to prevent this?
Upvotes: 5
Views: 3175
Reputation: 5169
I managed to do this with `header_remove("set-cookie");`

So the code looks like this:

```php
header("Content-Type: {$file['mime']}\n");
header("Content-disposition: inline; filename=\"$name\"\n");
header("Content-Length: $filesize\n");
header("Expires: $ts");
header("Pragma: cache");
header("Cache-Control: max-age=$time_cache");
// Drop any Set-Cookie header already queued for this response.
header_remove("set-cookie");
readfile($image);
```
Upvotes: 3
Reputation: 1258
If you use the `setcookie` function many times in only one page/image request, PHP will send the same cookie to the browser many times in one response. Maybe some browsers crash reading that.
I've had problems with ajax requests in Internet Explorer due to multiple cookie definitions, when I accidentally started the session object in CakePHP in a loop. I only detected that problem by sniffing the connection with Wireshark.
Upvotes: 2
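An added example, not part of any post above: a Python check over a raw HTTP response for the two conditions this thread discusses, the same cookie name set more than once in one response and a Set-Cookie header on an image response that also carries cache headers. The header blocks and the cookie name `csrf_cookie_name` are constructed samples, and `parse_headers` / `audit_response` are hypothetical helper names.

```python
from collections import Counter

# Constructed sample headers (not captured from a real site): the image
# response from the question before and after header_remove("set-cookie").
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: image/png\r\n"
    "Set-Cookie: csrf_cookie_name=0f3c9a; path=/\r\n"
    "Set-Cookie: csrf_cookie_name=0f3c9a; path=/\r\n"
    "Expires: Thu, 01 Jan 2099 00:00:00 GMT\r\n"
    "Cache-Control: max-age=360000000000\r\n"
    "\r\n"
)
AFTER = "".join(ln for ln in BEFORE.splitlines(True) if not ln.startswith("Set-Cookie"))


def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw):
    """List the cookie-related findings for one raw HTTP response."""
    headers = parse_headers(raw)
    findings = []
    # The cookie name is the text before the first "=" of a Set-Cookie value.
    names = [v.split("=", 1)[0].strip() for n, v in headers if n == "set-cookie"]
    for name, count in Counter(names).items():
        if count > 1:
            findings.append(f"duplicate cookie: {name} set {count} times")
    directives = {d.strip().split("=")[0].lower()
                  for n, v in headers if n == "cache-control"
                  for d in v.split(",")}
    cached = ("max-age" in directives or any(n == "expires" for n, _ in headers)) \
        and "no-store" not in directives
    is_image = any(n == "content-type" and v.lower().startswith("image/")
                   for n, v in headers)
    if names and is_image and cached:
        findings.append("Set-Cookie on image response with cache headers")
    return findings
```

Feeding it the header block saved from `curl -i` or copied out of a packet capture gives the same findings without reading the trace by eye.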