session ID problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
feral_shade
Forum Newbie
Posts: 4
Joined: Thu Aug 19, 2004 12:19 pm

session ID problem

Post by feral_shade »

I am developing a website that uses sessions to keep users logged in. The problem is that, when the user first visits the page, before he/she has logged in, all of my links get "?PHPSESID=whatever" stuck onto them. This goes away once the user has logged on, and then reappears when he/she logs out. I am not very experienced with sessions as you might have guessed already, so if anyone can lend me a hand here I'd appreciate it.

If you want to see what I'm talking about go to

http://www.wehavenolife.net

Thanks.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

This is normal operation, as those are added by php's core (if you have the settings at around default) to all urls, this is to transmit the session id, in case the user has cookies disabled. If the cookie is detected on the following page, php's core doesn't add it anymore.
feral_shade
Forum Newbie
Posts: 4
Joined: Thu Aug 19, 2004 12:19 pm

Post by feral_shade »

Ok, thanks for the info.

I was just worried about possible security risks associated with this.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if you wish to turn it off, change your php.ini settings to only cookies, and no trans_id in the sessions section.. I think that should do it.. then just restart your webserver to load the new settings.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

if you dont have access to php.ini (as I dont) you can disable the trans_id via the .htaccess:

php_flag session.use_trans_sid off
Post Reply