Page 1 of 1
Getting rid of PHPSESSID
Posted: Fri Oct 21, 2005 5:41 am
by mjseaden
Hello,
Some of my links are showing the dreaded ?PHPSESSID=xxxxxxxxxxxxxxxxx. How do I prevent this from showing up, including for when the search engines spider the site?
Many thanks
Mark
Posted: Fri Oct 21, 2005 5:44 am
by Jenk
Put this at top of your script(s):
Code: Select all
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
Though I can't remember off top of my head if they should be int's or strings, so might be:
Code: Select all
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
Posted: Fri Oct 21, 2005 11:39 pm
by raghavan20
Somewhere I hv heard that passing session variables by URL is safer rather by cookies
It's not a problem if you have the PHPSESSID as one of the URL parameters. But if you quite sure about the advantages of passing by cookies over URL, then you could use the statements suggested in the former post.
Posted: Fri Oct 21, 2005 11:52 pm
by Jenk
The biggest concern with using GET (uri) variables for session id, is what if one of the users copy and pastes the link, and sends to a friend?
With cookies you don't get that and quite frankly, cookies is the safest method for storing session id.