Getting rid of PHPSESSID

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Getting rid of PHPSESSID

Post by mjseaden »

Hello,

Some of my links are showing the dreaded ?PHPSESSID=xxxxxxxxxxxxxxxxx. How do I prevent this from showing up, including for when the search engines spider the site?

Many thanks

Mark
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Put this at top of your script(s):

Code: Select all

ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
Though I can't remember off top of my head if they should be int's or strings, so might be:

Code: Select all

ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

Somewhere I hv heard that passing session variables by URL is safer rather by cookies :roll:

It's not a problem if you have the PHPSESSID as one of the URL parameters. But if you quite sure about the advantages of passing by cookies over URL, then you could use the statements suggested in the former post.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

The biggest concern with using GET (uri) variables for session id, is what if one of the users copy and pastes the link, and sends to a friend?

With cookies you don't get that and quite frankly, cookies is the safest method for storing session id.
Post Reply