PHPSESSID appearing in address
Moderator: General Moderators
PHPSESSID appearing in address
It appears to be sent as a query string in the address bar. I want it gone, obviously. I've taken a short stab as this problem before but never made too much progress. It's been awhile (wearing too many hats as usual), so I'd appreciate some basic pointers on this one.
you can use full path links as well
<a href=index.php>click</a>
to:
<a href=http://www.domain.com/index.php>click</a>
if you dont have access to php.ini, its possible to disable with .htaccess, if you need the code for that, let me know as I would have to dig for it
<a href=index.php>click</a>
to:
<a href=http://www.domain.com/index.php>click</a>
if you dont have access to php.ini, its possible to disable with .htaccess, if you need the code for that, let me know as I would have to dig for it
well let's discuss this for a second!
both my servers are identical in terms of configuration. the local and the live server both have session.use_cookies set to 1. however, I have NEVER noticed this problem on the local server, only on the live one. So it seems like that's not really the cause? I'm hesitant to go flipping it around on the live server without something to test against.
both my servers are identical in terms of configuration. the local and the live server both have session.use_cookies set to 1. however, I have NEVER noticed this problem on the local server, only on the live one. So it seems like that's not really the cause? I'm hesitant to go flipping it around on the live server without something to test against.
edit: discovered the cause of THAT problem... our sysadmin has in fact set use_trans_sid enabled on the live server. So now I know what to do to get rid of that... but he says he did it intentionally to cater to users with cookies disabled. My initial response to this is: who on earth doing e-commerce has cookies disabled? But I don't have any facts or figures to back that up, really. So if anyone can help me in that regard, I'd appreciate it.
Secondly, he says (and I believe) it should be transparent unless needed. But clearly that's not the case, because I browse with cookies enabled and regularly end up seeing PHPSESSID sent in the URL anyway. So either this doesn't work properly or it's been misconfigured somewhere.
Secondly, he says (and I believe) it should be transparent unless needed. But clearly that's not the case, because I browse with cookies enabled and regularly end up seeing PHPSESSID sent in the URL anyway. So either this doesn't work properly or it's been misconfigured somewhere.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
I'd have to agree to your second part there Unipus.. I routinely get session id's set in the url...
as for the first part, although I have no data to back this up, most sites I visit require cookies, especially commerce sites. True it'd be nicer to allow people to not have cookies enabled.. that same mentality would have me making games on EGA colors still, using direct interupts..
as for the first part, although I have no data to back this up, most sites I visit require cookies, especially commerce sites. True it'd be nicer to allow people to not have cookies enabled.. that same mentality would have me making games on EGA colors still, using direct interupts..
- launchcode
- Forum Contributor
- Posts: 401
- Joined: Tue May 11, 2004 7:32 pm
- Location: UK
- Contact:
- launchcode
- Forum Contributor
- Posts: 401
- Joined: Tue May 11, 2004 7:32 pm
- Location: UK
- Contact:
- launchcode
- Forum Contributor
- Posts: 401
- Joined: Tue May 11, 2004 7:32 pm
- Location: UK
- Contact:
It does it because that is what you have set in the php.ini.
What you want is perfectly possible - just enable the trans_id in your php.ini and then in your script check to see if the user supports cookies or not. If they do, use this before any session commands:
ini_set('session.use_only_cookies', '1');
Then the trans ID is hidden for all cookie users and available for all cookie-blocking weirdos.
This is not a bug, PHP should never assume to do something like this for you.
What you want is perfectly possible - just enable the trans_id in your php.ini and then in your script check to see if the user supports cookies or not. If they do, use this before any session commands:
ini_set('session.use_only_cookies', '1');
Then the trans ID is hidden for all cookie users and available for all cookie-blocking weirdos.
This is not a bug, PHP should never assume to do something like this for you.