What actually happens with CodeIgniter session/cookies

By default, CodeIgniter stores session in the client's cookies. Every time you modify the session by calling set/unsetuserdata, a new record is inserted into the response header, containing the full cookie, plus the modification. You essentially end up with a response that may contain multiple setcookie lines. This is important because it may bloat your responses with unused data and cause undesired behavior, such as getting blocked by a CDN. (Cloudflare)

FYI: I have nothing against the default CodeIgniter session scheme, it works well for small projects. For larger projects, memcached is the way to go.