Code That Sets Cookie or Session -- Pressflow Core & Contrib

This is a raw list derived from a grep of my /includes, /modules, and /sites/all/modules directories on a Pressflow 6.15 installation. (I didn't redo when I upgraded to 6.16, but I imagine the core hasn't changed.) Note that I don't have all the modules below enabled, but I still have the code in the directory so I have added them.

Creating this list is, I hope, a first step toward making the "Modules That Break Caching and How To Fix Them" list more comprehensive. Note that all my notes in parentheses may not be entirely accurate - hopefully, further testing will confirm them.

Modules that set cookies:

cd /var/www/drupal
grep -R setcookie .


  • Flag 2.x
    • for each anonymously flagged piece of content
  • Webform
    • for each webform submission (in recent releases, the use of cookies is an opt-in feature only)
  • Boost
    • for when logged in
  • Devel's Krumo library
    • WebFXTreeHandler (not sure when this is actually used though)
  • CiviCRM – Facebook
    • Facebook API key
  • CiviCRM – Smarty
    • If Smarty is being debugged
  • WordPress (module not available on
    • WP user name (not sure if this is used)
  • Zipcode Redirect
  • popups_reference
  • cacherouter
  • memcache


    • session_name() – the Drupal session cookie
  • comment module:
    • "comment_info" . $field
  • cookie_cache_bypass:
    • NO_CACHE (used for when an anonymous user has just posted content or updated a node)

Modules that set sessions:


  • Legal: 'legal_update_2' (only on install)
  • Views Bulk Operations: 'vbo_values', 'vbo_options' (only for admins)
  • Mobile Tools: 'mobile-tools-mobile-device', 'mobile-tools-site-type'
  • Links Admin: 'link_admin_filter' (for admins, I think)
  • Custom Error: 'destination' (only on error pages)
  • Ubercart:
    • Core:
      • 'cart_order' (once someone has purchased something)
      • 'expanded_panes'
      • 'checkout_valid'
      • 'do_review'
      • 'do_complete'
      • 'email_match'
      • 'checkout_redirect'
      • 'uc_cart_last_url'
      • 'uc_referer_uri' (is set if referer_uri() returns nothing - in uc_store.module)
      • 'uc_cart_id' (gets set when you visit /cart, even if you there is nothing in your cart - not sure if this is good)
    • Ubercart Google Analytics: 'ucga_order_id'
    • Ubercart Quote: 'quote' (not used anymore)
    • UC UPS: 'ups' (not used anymore)
    • UC 2 Checkout: 'uc_cart_checkout_review_form'
    • UC Payment: 'uc_payment_method', 'uc_payment_order_id', 'uc_payment_amount', 'uc_payment_data', 'statuses'
    • UC PayPal: 'have_details'
    • UC Credit: 'sescrd', 'cc_pay', 'update_cc_encrypt_dir', 'clear_cc'
    • UC Google Checkout: 'google_updates' (don't use)
    • UC Order:
      • 'sort_status' (for admins)
      • 'new_user' (for when a new user is created in the order process)
    • UC CA: 'ca_action_focus' (for admins)
    • UC Coupon: 'uc_coupon' (on checkout)
  • Panels Mini: 'pm_import' (for admins)
  • Panels: 'layout' (for admins)
  • Page Manager: 'page_manager' (for admins)
  • Popups: 'page_override'
  • i18n_sync: 'upload_files'
  • i18n: 'language'
  • Image Assist: 'htmlcode' (probably only for authenticated users)
  • Ad: 'ad_overview_filter' (for admins)
  • Ad Channel: 'ad_report_channel
  • Ad Report: 'ad_report_start', 'ad_report_end', 'ad_report_group'
  • Mollom: 'mollom_sessions' (this means that after filling out a Mollom captcha, you will not get cached pages for the rest of your time on site)
  • Amazon Store: 'cart_id', 'HMAC' (I think this may only be if you try buying a book, but I'll have to check...)
  • Filter Permissions: 'filter_perm_roles', 'filter_perm_modules' (I think this are only if you are filtering permissions (as admin))
  • FCKEditor: 'FCKeditor' (look into this)
  • Referer Theme: 'referer_theme' (this is by intent since referer_theme pages
  • Drupal for Facebook: 'fb_frame_params', 'fb_canvas_session', 'fb_form_friend_selector_result', 'fb_connect', 'fb_frame_params', 'fb', 'fb_feed_dialogs' (haven't used this module recently...not sure about context)
  • Invite: INVITE_ADMIN_SESSION (for admins), INVITE_SESSION, 'invite_failed_emails'
  • CiviCRM:
    • 'CiviCRM' (one array to rule them all....this is sometimes set unnecessarily - see fix on the Modules That Break Caching and How to Fix Them page)
    • 'PHPIDS' (don't think this is used much...)
    • 'install_type' (only on install)
    • 'nodesOpen', 'amfphp_recordsets', 'amfphp_username', 'amfphp_roles', 'amfphp_recordsets' (don't think these are used much)
    • 'qfSessionID' (only on "CiviCRM pages", which shouldn't be cached anyway)
  • WordPress: 'drupal_wordpress_cookie_name' (module is not available on
  • Gigya: 'gigya_uid', 'setStatus_msg', 'setStatus_default', 'setStatus_popup', 'setStatus_uid', 'setStatus_nid' (this list will need to be updated when I upgrade to 2.0 for Gigya)
  • Image Upload: 'image_uplad' (only when images are uploaded)
  • CAPTCHA: 'captcha_success_form_ids'
  • Rules: 'rules_forms_message', 'rules_forms_element_ids' (only on admin pages)
  • ThemeKey: 'themekey_theme' (when a themekey is set)
  • Views: 'views' (catch-all, not sure when all it is used - mainly admin and exposed filters, I think)
  • messages_alter


  • Includes:
    • 'not_slavesafe' (used for queries)
    • 'batch_form_state' (used for batch operations)
    • 'session_update_6021'
    • 'messages'
  • Modules:
    • Node: 'node_overview_filter' (admins only)
    • OpenID: 'openid' (not sure when this is set)
    • Book: 'book_update_6000','book_update_6000_orphans' (only on update)
    • Comment: 'comment_mode', 'comment_sort', 'comment_comments_per_page' (probably only for admins)