PHPSESSID

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

PHPSESSID

Post by mickd »

hi, for some reason my links sometimes have something like
&PHPSESSID=722ea5c328f0384286073b7bc949d7ab
in them, could anyone please help with why and how to prevent it from showing?

thanks, any help appriciated.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

You need to read up on PHP session ;)

In PHP, each session is referenced by an id. This id can be propagated from page to page either by appending it to the uri (as you have seen) or by storing it to a cookie (preferred).

There are a few PHP setting to can use to force cookie use: for example

Code: Select all

ini_set('session.use_trans_sid','0');
ini_set('session.use_only_cookies', '1');
Read the manual for more info...
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

if left there are those harmless?
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

perdy much. there is always the posibility for someone to hijack a session, example being i somehow figure out someone elses session id when they are logged and then change the numbers and stuff and that would allow them to be the other person. but this is not that easy to do and if your not some major website with a trillian visitors then you should not have any problems
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the problem comes when someone copies a URL with that in it.. someone else uses the link and "steals" the session... so it's best to try to keep those to a minimum...
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

AFAIK, the order of preference for passing the session ID goes Cookie > Get > Post.

PHP session will add an input type hidden with the session ID if the other two fail from what I have seen.
User avatar
Gypsy
Forum Newbie
Posts: 1
Joined: Fri Sep 23, 2005 9:51 am

Post by Gypsy »

Hello,

Are you using full path links or are you just calling them by page title?

If you are using this technique:

Code: Select all

print "<a href=\"page.php\">Click Here</a>";
Try using the full path:

Code: Select all

print "<a href=\"http://www.domainname.com/page.php\">Click Here</a>";
See if that helps,
Gypsy
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

ive tried using these:

Code: Select all

ini_set('session.use_trans_sid','0'); 
ini_set('session.use_cookies','1');
ini_set('session.use_only_cookies', '1');
but they didnt appear to get rid of the sessid from the url.

what gypsy suggested works but i was just wondering if there was a way of making it work without using the full path url.

thanks in advance.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

using

Code: Select all

ini_set('url_rewriter.tags', '');
seems to have fixed it.
nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

Post by nincha »

yea, it works for me too.
Post Reply