Server sending Set-Cookie with different value on every request

Our Zope server is sending a d开发者_StackOverflow社区ifferent value for the same cookie every time I request a page. I'm not sure why it would be doing this. Does it sound like it would be intentional or a misconfiguration issue we have? It seems to only start doing this after someone logs in.

It looks like the Extensible User Folder add-on we are using is responsible for doing it.

It looks like exUserFolder is doing this intentionally. Probably for the purpose of attempting to add more security.

In order to figure out offending software sending cookies I suggest to add a debugger call into the ZPublisher setCookie() method. At least a debugging message will tell you when a cookie is send. And if necessary you can investigate with pdb.set_trace() the call stack to figure out the code actually calling setCookie().