Page 1 of 1
session ID problem
Posted: Thu Aug 19, 2004 12:19 pm
by feral_shade
I am developing a website that uses sessions to keep users logged in. The problem is that, when the user first visits the page, before he/she has logged in, all of my links get "?PHPSESID=whatever" stuck onto them. This goes away once the user has logged on, and then reappears when he/she logs out. I am not very experienced with sessions as you might have guessed already, so if anyone can lend me a hand here I'd appreciate it.
If you want to see what I'm talking about go to
http://www.wehavenolife.net
Thanks.
Posted: Thu Aug 19, 2004 12:26 pm
by feyd
This is normal operation, as those are added by php's core (if you have the settings at around default) to all urls, this is to transmit the session id, in case the user has cookies disabled. If the cookie is detected on the following page, php's core doesn't add it anymore.
Posted: Thu Aug 19, 2004 12:31 pm
by feral_shade
Ok, thanks for the info.
I was just worried about possible security risks associated with this.
Posted: Thu Aug 19, 2004 12:36 pm
by feyd
if you wish to turn it off, change your php.ini settings to only cookies, and no trans_id in the sessions section.. I think that should do it.. then just restart your webserver to load the new settings.
Posted: Thu Aug 19, 2004 1:33 pm
by tim
if you dont have access to php.ini (as I dont) you can disable the trans_id via the .htaccess:
php_flag session.use_trans_sid off