This is a raw list derived from a grep of my /includes, /modules, and /sites/all/modules directories on a Pressflow 6.15 installation. (I didn't redo when I upgraded to 6.16, but I imagine the core hasn't changed.) Note that I don't have all the modules below enabled, but I still have the code in the directory so I have added them.

Creating this list is, I hope, a first step toward making the "Modules That Break Caching and How To Fix Them" list more comprehensive. Note that all my notes in parentheses may not be entirely accurate - hopefully, further testing will confirm them.

Modules that set cookies:

cd /var/www/drupal grep -R setcookie .

Contrib:

  • Flag 2.x

    • for each anonymously flagged piece of content

  • Webform

    • for each webform submission (in recent releases, the use of cookies is an opt-in feature only)

  • Boost

    • for when logged in

  • Devel's Krumo library

    • WebFXTreeHandler (not sure when this is actually used though)

  • CiviCRM – Facebook

    • Facebook API key

  • CiviCRM – Smarty

    • If Smarty is being debugged

  • WordPress (module not available on Drupal.org)

    • WP user name (not sure if this is used)

    • WORDPRESS_USER_COOKIE

    • WORDPRESS_PASS_COOKIE

  • Zipcode Redirect

    • ZR_COOKIE_ZIP

  • popups_reference

  • cacherouter

  • memcache

Core:

  • session.inc:

    • session_name() – the Drupal session cookie

  • comment module:

    • "comment_info" . $field

  • cookie_cache_bypass:

    • NO_CACHE (used for when an anonymous user has just posted content or updated a node)

Modules that set sessions:

Contrib:

  • Legal: 'legal_update_2' (only on install)

  • Views Bulk Operations: 'vbo_values', 'vbo_options' (only for admins)

  • Mobile Tools: 'mobile-tools-mobile-device', 'mobile-tools-site-type'

  • Links Admin: 'link_admin_filter' (for admins, I think)

  • Custom Error: 'destination' (only on error pages)

  • Ubercart:

    • Core:

      • 'cart_order' (once someone has purchased something)

      • 'expanded_panes'

      • 'checkout_valid'

      • 'do_review'

      • 'do_complete'

      • 'email_match'

      • 'checkout_redirect'

      • 'uc_cart_last_url'

      • 'uc_referer_uri' (is set if referer_uri() returns nothing - in uc_store.module)

      • 'uc_cart_id' (gets set when you visit /cart, even if you there is nothing in your cart - not sure if this is good)

    • Ubercart Google Analytics: 'ucga_order_id'

    • Ubercart Quote: 'quote' (not used anymore)

    • UC UPS: 'ups' (not used anymore)

    • UC 2 Checkout: 'uc_cart_checkout_review_form'

    • UC Payment: 'uc_payment_method', 'uc_payment_order_id', 'uc_payment_amount', 'uc_payment_data', 'statuses'

    • UC PayPal: 'have_details'

    • UC Credit: 'sescrd', 'cc_pay', 'update_cc_encrypt_dir', 'clear_cc'

    • UC Google Checkout: 'google_updates' (don't use)

    • UC Order:

      • 'sort_status' (for admins)

      • 'new_user' (for when a new user is created in the order process)

    • UC CA: 'ca_action_focus' (for admins)

    • UC Coupon: 'uc_coupon' (on checkout)

  • Panels Mini: 'pm_import' (for admins)

  • Panels: 'layout' (for admins)

  • Page Manager: 'page_manager' (for admins)

  • Popups: 'page_override'

  • i18n_sync: 'upload_files'

  • i18n: 'language'

  • Image Assist: 'htmlcode' (probably only for authenticated users)

  • Ad: 'ad_overview_filter' (for admins)

  • Ad Channel: 'ad_report_channel

  • Ad Report: 'ad_report_start', 'ad_report_end', 'ad_report_group'

  • Mollom: 'mollom_sessions' (this means that after filling out a Mollom captcha, you will not get cached pages for the rest of your time on site)

  • Amazon Store: 'cart_id', 'HMAC' (I think this may only be if you try buying a book, but I'll have to check...)

  • Filter Permissions: 'filter_perm_roles', 'filter_perm_modules' (I think this are only if you are filtering permissions (as admin))

  • FCKEditor: 'FCKeditor' (look into this)

  • Referer Theme: 'referer_theme' (this is by intent since referer_theme pages

  • Drupal for Facebook: 'fb_frame_params', 'fb_canvas_session', 'fb_form_friend_selector_result', 'fb_connect', 'fb_frame_params', 'fb', 'fb_feed_dialogs' (haven't used this module recently...not sure about context)

  • Invite: INVITE_ADMIN_SESSION (for admins), INVITE_SESSION, 'invite_failed_emails'

  • CiviCRM:

    • 'CiviCRM' (one array to rule them all....this is sometimes set unnecessarily - see fix on the Modules That Break Caching and How to Fix Them page)

    • 'PHPIDS' (don't think this is used much...)

    • 'install_type' (only on install)

    • 'nodesOpen', 'amfphp_recordsets', 'amfphp_username', 'amfphp_roles', 'amfphp_recordsets' (don't think these are used much)

    • 'qfSessionID' (only on "CiviCRM pages", which shouldn't be cached anyway)

  • WordPress: 'drupal_wordpress_cookie_name' (module is not available on Drupal.org)

  • Gigya: 'gigya_uid', 'setStatus_msg', 'setStatus_default', 'setStatus_popup', 'setStatus_uid', 'setStatus_nid' (this list will need to be updated when I upgrade to 2.0 for Gigya)

  • Image Upload: 'image_uplad' (only when images are uploaded)

  • CAPTCHA: 'captcha_success_form_ids'

  • Rules: 'rules_forms_message', 'rules_forms_element_ids' (only on admin pages)

  • ThemeKey: 'themekey_theme' (when a themekey is set)

  • Views: 'views' (catch-all, not sure when all it is used - mainly admin and exposed filters, I think)

  • messages_alter

Core:

  • Includes:

    • pager.inc: 'not_slavesafe' (used for queries)

    • batch.inc/form.inc: 'batch_form_state' (used for batch operations)

    • menu.inc: 'session_update_6021'

    • bootstrap.inc: 'messages'

  • Modules:

    • Node: 'node_overview_filter' (admins only)

    • OpenID: 'openid' (not sure when this is set)

    • Book: 'book_update_6000','book_update_6000_orphans' (only on update)

    • Comment: 'comment_mode', 'comment_sort', 'comment_comments_per_page' (probably only for admins)