PHPSESSID
Posted: Fri Sep 23, 2005 7:23 am
by mickd
hi, for some reason my links sometimes have something like
&PHPSESSID=722ea5c328f0384286073b7bc949d7ab
in them, could anyone please help with why and how to prevent it from showing?
thanks, any help appreciated.
Posted: Fri Sep 23, 2005 7:37 am
by Maugrim_The_Reaper
You need to read up on PHP sessions.
In PHP, each session is referenced by an id. This id can be propagated from page to page either by appending it to the URI (as you have seen) or by storing it in a cookie (preferred).
There are a few PHP settings you can use to force cookie use, for example:
Code:
ini_set('session.use_trans_sid','0');
ini_set('session.use_only_cookies', '1');
Read the manual for more info...
Posted: Fri Sep 23, 2005 7:47 am
by mickd
if left there, are those harmless?
Posted: Fri Sep 23, 2005 7:53 am
by shiznatix
pretty much. there is always the possibility for someone to hijack a session, example being i somehow figure out someone else's session id when they are logged and then change the numbers and stuff and that would allow them to be the other person. but this is not that easy to do and if you're not some major website with a trillion visitors then you should not have any problems
Posted: Fri Sep 23, 2005 8:15 am
by feyd
the problem comes when someone copies a URL with that in it.. someone else uses the link and "steals" the session... so it's best to try to keep those to a minimum...
Posted: Fri Sep 23, 2005 8:26 am
by Jenk
AFAIK, the order of preference for passing the session ID goes Cookie > Get > Post.
PHP session will add an input type hidden with the session ID if the other two fail from what I have seen.
Posted: Fri Sep 23, 2005 9:59 am
by Gypsy
Hello,
Are you using full path links or are you just calling them by page title?
If you are using this technique:
Code:
print "<a href=\"page.php\">Click Here</a>";
Try using the full path:
Code:
print "<a href=\"http://www.domainname.com/page.php\">Click Here</a>";
See if that helps,
Gypsy
Posted: Tue Sep 27, 2005 11:38 pm
by mickd
I've tried using these:
Code:
ini_set('session.use_trans_sid','0');
ini_set('session.use_cookies','1');
ini_set('session.use_only_cookies', '1');
but they didn't appear to get rid of the sessid from the url.
what gypsy suggested works but i was just wondering if there was a way of making it work without using the full path url.
thanks in advance.
Posted: Thu Sep 29, 2005 2:07 am
by mickd
using
seems to have fixed it.
Posted: Fri Oct 07, 2005 11:58 am
by nincha
yea, it works for me too.
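The cookie-only settings and the copied-URL problem discussed in this thread, as an added example that is not part of the original posts: it checks that each ini_set() call actually took effect (it must run before session_start() and before any output), and redirects requests that still carry the session ID in the query string. The function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Apply cookie-only settings before session_start(); return those that failed.
function harden_session_settings(): array
{
    $wanted = [
        'session.use_trans_sid'    => '0', // no session ID rewritten into links
        'session.use_cookies'      => '1',
        'session.use_only_cookies' => '1', // ignore IDs arriving via the URL
    ];
    $failed = [];
    foreach ($wanted as $key => $value) {
        // ini_set() returns false when the value cannot be changed here
        if (ini_set($key, $value) === false || (string) ini_get($key) !== $value) {
            $failed[] = $key;
        }
    }
    return $failed;
}

// Request URI minus the session parameter, or null if it carries none.
function uri_without_session_id(string $uri, string $name): ?string
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['query'])) {
        return null;
    }
    parse_str($parts['query'], $query);
    if (!array_key_exists($name, $query)) {
        return null;
    }
    unset($query[$name]);
    // Keep only a local path with a single leading slash (no off-site redirect)
    $path = '/' . ltrim($parts['path'] ?? '', '/\\');
    return $query ? $path . '?' . http_build_query($query) : $path;
}

$failed = harden_session_settings();
if ($failed) {
    error_log('Session settings not applied: ' . implode(', ', $failed));
}
$clean = uri_without_session_id($_SERVER['REQUEST_URI'] ?? '/', session_name());
if ($clean !== null && !headers_sent()) {
    header('Location: ' . $clean, true, 302); // shed the ID from a shared link
    exit;
}
session_start();
// After a successful login, replace the ID so an earlier leaked one is useless:
// session_regenerate_id(true);
```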