PHP

Why does using session.use_strict_mode return 2 session cookies?

There is a fresh php 5.5.7.
I ran into a problem when I set a parameter in the php.ini settings to use_strict_mode=1 .
When I climb without the old session, the server responds with two session cookies:

> GET / HTTP/1.1
> User-Agent: curl/7.32.0
> Host: gate
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Server: nginx/1.4.1
< Date: Mon, 30 Dec 2013 09:36:52 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: token=augfa22hm7dh075esvb5n83mf0
< Set-Cookie: token=42jrgfrnrp40lmbo8hbd0ufg40
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache

During the debugging process, it was revealed that this is a feature of the implementation in php, i.e. these cookies appear immediately after a single call to session_start() .
The second cookie is valid, suitable for using the session and there is no problem with further work with the session.
Of course, you can rewrite the validation on the client side or abandon this mode altogether, but I would not want to, given that this functionality seems to eliminate one potential vulnerability. Read more here https://wiki.php.net/rfc/strict_sessions