View Issue Details

IDProjectCategoryView StatusLast Update
0001721XdebugUsage problems (Wrong Results)public2020-02-03 10:14
ReportermlocatiAssigned To 
Status confirmedResolutionopen 
PlatformPCOSWindows 10OS Version1909
Product Version2.8.1 
Target Version3.0.0devFixed in Version 
Summary0001721: Unablt to stop debug session - XDEBUG_SESSION cookie not deleted
DescriptionI use Eclipse + PDT.

When starting a web debug session, PDT calls the website URL with an URL like this:

The server response contains this header:

Set-Cookie: XDEBUG_SESSION=ECLIPSE_DBGP; expires=Thu, 05-Dec-2019 01:56:03 GMT; Max-Age=43200; path=/

and I can do a step-by-step debugging in Eclipse.

When I stop the debugging session, PDT calls this URL:


In previous Xdebug versions I had no issues, but now the response to that second URL is:

HTTP/1.1 200 OK
Date: Wed, 04 Dec 2019 13:56:10 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.1.1a PHP/7.4.0
X-Powered-By: PHP/7.4.0
Content-Length: 117
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Warning: Header may not contain NUL bytes in Unknown on line 0


And the XDEBUG_SESSION cookie is not deleted (so, the debug session remains active).
Operating System
PHP Version7.4.0-7.4.4



2019-12-04 14:13

reporter   ~0005193

PS; PHP version is actually 7.4.0, but it's not available in the dropdown list
PPS: the second URL (used to actually stop the debugging session) is


2020-01-12 16:06

administrator   ~0005211

I've fixed the warning through, and I can indeed reproduce your problem. For some reason, although Xdebug sets the cookie with PHPs internal php_setcookie function, it never makes it into the headers that are sent out. That's going to take more investigation.

However, I would recommend that instead of these two GET/POST parameters, you use one of the browser extensions to activate an Xdebug session instead: — that way, you can click on an icon in your browser without having to press "Go" in your IDE.


2020-02-03 10:14

reporter   ~0005234

I just updated to xdebug 2.9.2 and the issue is still there:

C:\>php -v
PHP 7.4.2 (cli) (built: Jan 21 2020 17:53:48) ( ZTS Visual C++ 2017 x86 )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Xdebug v2.9.2, Copyright (c) 2002-2020, by Derick Rethans

When browsing to my local development server to stop the Xdebug session (eg to http://localhost:11031/?XDEBUG_SESSION_STOP_NO_EXEC=ECLIPSE_DBGP&KEY=15807217074863) the browser sends this request:

GET http://localhost:11031/?XDEBUG_SESSION_STOP_NO_EXEC=ECLIPSE_DBGP&KEY=15807217074863 HTTP/1.1
Host: localhost:11031
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7

And the server still answers with

HTTP/1.1 200 OK
Date: Mon, 03 Feb 2020 10:11:55 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.1.1a PHP/7.4.2
X-Powered-By: PHP/7.4.2
Content-Length: 117
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Warning: Header may not contain NUL bytes in Unknown on line 0


As you can see, the cookie is not deleted, and the warning is still there.

Issue History

Date Modified Username Field Change
2019-12-04 14:07 mlocati New Issue
2019-12-04 14:07 mlocati Tag Attached: XDEBUG_SESSION
2019-12-04 14:13 mlocati Note Added: 0005193
2020-01-12 16:06 derick Note Added: 0005211
2020-01-12 16:06 derick Status new => confirmed
2020-01-12 16:06 derick Target Version => 3.0.0dev
2020-01-12 16:06 derick PHP Version 7.4alpha => 7.4.0-7.4.4
2020-02-03 10:14 mlocati Note Added: 0005234