PHPSESSID

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
jramaro
Forum Commoner
Posts: 58
Joined: Tue Jun 26, 2007 7:46 am

PHPSESSID

Post by jramaro »

I have site pages as (example) index.php , aboutus.php
Today when checking in on the site, Im seeing something that shouldn't be there .

now it has a PHPSESSID string which I never put there.
so now every page from the index.php looks something like:

aboutus.php?PHPSESSID=43634dhdhasjdhdsd

This is happening only on the index page, but again I never set these pages as PHP ids
Is this an exploit happening?

thanks
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PHPSESSID

Post by Christopher »

You probably have trans_sess_id set to on. Check you configuration and the manual.
(#10850)
Post Reply