Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What can be done about PHPSESSID ?

1 view
Skip to first unread message

newsprofile

unread,
Nov 7, 2002, 9:25:56 PM11/7/02
to
This gets added to the url all the time on our sites. I know it's neccesary,
but can it be kept away from the url?

e.g. I get .....
<http://www.local-hotel.com/search.html?PHPSESSID=fc02606f8d43f1de992f7e4075
9a4586&name=&town=&postcode=&country=uk>

Thanks for the help


Bob Stevens

unread,
Nov 7, 2002, 10:04:11 PM11/7/02
to
It can be configured in php.ini not require it (I think) or perhaps it has
to be compiled in. Best I recall, the constant SID is set whenever cookies
are disabled, but when they're present, the session ID is never shown, or at
least how I've got PHP configured (pretty much the default configs).

Bob

"newsprofile" <newsp...@hotmail.com> wrote in message
news:UgFy9.3929$%F1.32...@news-text.cableinet.net...

Arjan van Bentem

unread,
Nov 8, 2002, 4:35:30 AM11/8/02
to
"newsprofile" wrote

> This gets added to the url all the time on our sites. I know it's neccesary,
> but can it be kept away from the url?

Just like Bob already answered: if cookies are accepted then you won't see it.
Check the value of session.use_cookies.

To avoid seeing the URL when cookies are rejected you might use POST instead of
GET, if you don't have other <a href=...> tags. Of course, also a simple
<frameset> might hide the URL from the address bar.

a.


Carsten Saathoff

unread,
Nov 8, 2002, 4:45:52 AM11/8/02
to
Arjan van Bentem <avbe...@DONT-YOU-DARE-dds.nl> wrote:

> GET, if you don't have other <a href=...> tags. Of course, also a simple
> <frameset> might hide the URL from the address bar.

But the user can't bookmark a site any longer. Using a frameset to hide
the actual URL doesn't make any sense. URL-Parameters are a part of an
URL and why should you want to hide them? The same goes for POST. POST
isn't meant for hiding URLs but for transferring data, that should only
be sent once.

Greetings

Carsten

--
Carsten Saathoff ...powered by Linux ICQ #52558095

Abhor common norms, life's yours to form.
<Ebony Tears>

Arjan van Bentem

unread,
Nov 8, 2002, 8:18:08 AM11/8/02
to
"Carsten Saathoff" wrote

> > also a simple <frameset> might hide the URL from the address bar.
>
> But the user can't bookmark a site any longer.

Is that really still an issue with modern browsers? My browser has no problem
bookmarking framesets whatsoever and I don't even remember when that was a new
feature -- nor do I know how it works. Ohhh, now that I tested it: you're
right, Internet Explorer does it, but the latest Netscape Navigator does not...

Don't get me wrong: apart from bookmarking I also like sites that give you a
URL that you can sent to others by e-mail. I've myself used Apache's URL
rewriting a lot to get URLs like

mysite.com/news

but meanwhile also allow for URLs like

mysite.com/news/
mysite.com/news.php
mysite.com/news.html
mysite.com/news/index.html
mysite.com/en/news
mysite.com/en/news/
mysite.com/en/news.html

where all would in fact end up serving /en/news.php without the user having a
need to know about it.

> POST isn't meant for hiding URLs but for transferring data, that
> should only be sent once.

I agree. Or something like "for transferring data, that could result in a
different action or have a different response each time it is sent".

Nevertheless, *if* one wants the parameters to be hidden (like if one does not
want one to bookmark a page, but wants one to go through the frontpage with the
advertisements every visit), then it might be an option to use POST. Annoying,
I know...

a.

0 new messages