Page 1 of 1

Does removing PHPSESSID cancel out sessions?

Posted: Thu Feb 19, 2009 7:55 pm
by Mr Tech
I've been doing some searching about PHPSESSID's and search engines and it apparently isn't good for rankings. There are some methods to get rid of it such as putting the following code in your PHP file:

php_flag session.use_trans_sid off

But does that cancel out all the sessions or just PHPSESSID?

Is there a better way to get rid of PHPSESSID's with some PHP code? Or is the best thing to do is only add session_start() to pages that really need it?

Re: Does removing PHPSESSID cancel out sessions?

Posted: Fri Feb 20, 2009 11:11 am
by pickle
I'm fairly confident setting a PHP session ID cookie has no effect on SEO. I can't imagine why any search engine would even take that into consideration.

Re: Does removing PHPSESSID cancel out sessions?

Posted: Sun Feb 22, 2009 6:21 pm
by Mr Tech
I think the problem is the search engines will sometimes index the URL like this:

http://www.domain.com/index.php?page=ab ... 4566677888

Because the PHPSESSID is different everytime, it stuffs the search engines around and causes duplicate content issues etc etc.

That's why I want to get rid of PHPSESSID. better safe than sorry. Is there a good way to do it?

Wordpress for example. Wouldn't it use sessions to login to its admin? It seems to get rid of it's PHPSESSID's...

Re: Does removing PHPSESSID cancel out sessions?

Posted: Sun Feb 22, 2009 6:57 pm
by php_east
Mr Tech wrote: I've been doing some searching about PHPSESSID's and search engines and it apparently isn't good for rankings. There are some methods to get rid of it such as putting the following code in your PHP file:

php_flag session.use_trans_sid off

But does that cancel out all the sessions or just PHPSESSID?

Is there a better way to get rid of PHPSESSID's with some PHP code? Or is the best thing to do is only add session_start() to pages that really need it?
from the PHP manual,


Passing the Session ID
There are two methods to propagate a session id:

Cookies
URL parameter

The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.

PHP is capable of transforming links transparently. Unless you are using PHP 4.2 or later, you need to enable it manually when building PHP. Under Unix, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.

Note: The arg_separator.output php.ini directive allows to customize the argument seperator. For full XHTML conformance, specify & there.

Alternatively, you can use the constant SID which is defined if the session started. If the client did not send an appropriate session cookie, it has the form session_name=session_id. Otherwise, it expands to an empty string. Thus, you can embed it unconditionally into URLs.


thus, if a cookie was sent, SID is blank. very useful.

so, no it does not cancel out the session, but the particluar application would be messed up if they rely on this get mechanism to obtain session id. if not, you're fine, as the cookies will do the magic.

and session start should be start of session of the user on your site, regardless of the page
IMHO .

Re: Does removing PHPSESSID cancel out sessions?

Posted: Sun Feb 22, 2009 7:14 pm
by Mr Tech
Do you think worrying about people having cookies disabled is not worth my while? Will cookies do the trick?

Re: Does removing PHPSESSID cancel out sessions?

Posted: Fri Feb 27, 2009 5:35 pm
by php_east
nope, no worries, php takes care of that as per the above extract of php manual.