Ok, maybe i've got it.
Following the suggestion by Skoda, i was missing the php.ini config for
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
request_order = "GP"
Because our php.ini was migrated from time to time between system update/upgrade.
Adding this to our config , the $_REQUEST will be empty, as the cookies will not referenced anymore.
thanks a lot.