Page 1 of 1

Sigh, phpsessid appearing in urls and breaking pages

Posted: Fri Oct 20, 2006 2:49 am
by freefall
I'm building a cms and I've noticed 2 things.

a) phpsessid keeps appearing in urls
b) quite often links to new pages bring up blank pages until I hit ctrl-f5 (no its not my browser settings).

I am totally at a loss to whats going on. I have tried everything I can to remove the phpsessid from appearing but to no avail.

I am utterly bemused. Any help would be greatly appreciated.

Posted: Fri Oct 20, 2006 4:40 am
by volka
try setting session.use_trans_sid=off in your php.ini

Posted: Mon Oct 23, 2006 2:56 pm
by freefall
cant do that

I actually fixed it by setting it in the .htaccess file.

Crazy.

Posted: Mon Oct 23, 2006 4:26 pm
by RobertGonzalez
What did you do to fix this using .htaccess? From what I understand about PHP sessions, they first try to store a cookie and then write serialized session data to the host. If that doesn't work, PHP appends the URL with the session id as a way of grabbing information from GET instead of COOKIE. Blank pages suggest syntax errors in the code and display errors set to off. Maybe a headers already sent notice or something like that is triggering your blank pages.

Posted: Sun Nov 05, 2006 10:51 pm
by freefall
I added this to the .htaccess file

Code: Select all

<IfModule mod_php4.c>
php_value session.use_only_cookies 1
php_value session.use_trans_sid 0 
</IfModule>

Posted: Sun Nov 05, 2006 11:10 pm
by alex.barylski
phpsessid is stored in the URL when a user agent doesn't support cookies...you have no control over that

I can't see how having that ID propagated across your web site through your URL would cause any problems...except that maybe your experiencing a caching issue because of previously clean URL's then dirtied with PHPSESSID...

I need more details ;)

Posted: Sun Nov 05, 2006 11:51 pm
by aaronhall
Hockey wrote:phpsessid is stored in the URL when a user agent doesn't support cookies...you have no control over that
The server doesn't know whether or not the client supports cookies (because it isn't told). It can only print the "add cookie" header to the output buffer and hope that the client understands what it means. PHP doesn't not decide whether or not to use a transparent SID -- the setting is in php.ini under session.use_trans_sid.

Anyway, use_trans_sid has security issues -- try not to use it.

Posted: Sun Nov 12, 2006 12:23 am
by freefall
yeah, anothr good reason to do what I've done