It would seem mod_session_dbd causes duplicate set-cookie headers, this has been an issue for many years (10+) with reports going unresolved

I am re-reporting this issue in hopes it gains some traction

Here is a complete, basic configuration to reproduce the issue


ServerRoot "C:/Apache24"
Listen 80

LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule dir_module modules/mod_dir.so

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DBDriver odbc
DBDParams "odbc_connection_string"
DBDKeep     10
DBDMax      10
DBDMin      3

DBDPrepareSQL "select value from sessions where token = %s and (expiry = 0 or expiry > %lld)" selectsession 
DBDPrepareSQL "delete from sessions where token = %s" deletesession 
DBDPrepareSQL "insert into sessions (value, expiry, token) values (%s, %lld, %s)" insertsession 
DBDPrepareSQL "update sessions set value = %s, expiry =  %lld, token = %s where token = %s" updatesession 
DBDPrepareSQL "delete from sessions where expiry != 0 and expiry < %lld" cleansession

DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
    Require all granted
    Session On
    SessionDBDCookieName test path=/
    SessionMaxAge 604800
    SessionEnv on
    SessionHeader X-Replace-Session
</Directory>


<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>