Page 1 of 1

PHP SESSION in URL

Posted: Sat Mar 10, 2007 11:18 am
by alex.barylski
I have a client who is having problems with a program inserting the SESSION ID in the URL. The obvious questions I asked:

1) Does your browser have cookies enabled
2) Check PHP config and see if session use COOKIE or GET

Here is a dump of their php.ini

Code: Select all

session 
Session Support enabled 
Registered save handlers files user 

Directive Local Value Master Value 
session.auto_start Off Off 
session.bug_compat_42 On On 
session.bug_compat_warn On On 
session.cache_expire 180 180 
session.cache_limiter nocache nocache 
session.cookie_domain no value no value 
session.cookie_lifetime 0 0 
session.cookie_path / / 
session.cookie_secure Off Off 
session.entropy_file no value no value 
session.entropy_length 0 0 
session.gc_divisor 100 100 
session.gc_maxlifetime 1440 1440 
session.gc_probability 1 1 
session.name PHPSESSID PHPSESSID 
session.referer_check no value no value 
session.save_handler files files 
session.save_path /tmp /tmp 
session.serialize_handler php php 
session.use_cookies On On 
session.use_only_cookies Off Off 
session.use_trans_sid On On
Incase I am missing something, does anyone see what might be forcing the use of GET SESSION persistence?

Thanks :)

Posted: Sat Mar 10, 2007 11:38 am
by feyd
If the cookie fails to set, for whatever reason, PHP will continue using the URL. The ini you have shown will, upon attempting to start the session, pass the information via URL, always. If the cookie is detected, it will not happen again (automatically) for the remainder of the session. This does not stop the scripts from adding it to links themselves however.

Posted: Sat Mar 10, 2007 2:50 pm
by alex.barylski
So it's likely the client browser having troubles...