Turning off PHPSESSID

44 views
Skip to first unread message

James

unread,
Mar 21, 2005, 5:05:55 PM3/21/05
to

PHP is making a right mess at the moment and insists on putting a
PHPSESSID in forms, urls and other spots on a script I am running. Is
there any way to stop it doing this? Part of the issue is it is
inserting an ampersand in the url instead of & --- ampersands are
not valid HTML Trans and I am trying to make sure my pages are valid.

Forgive me if I have asked this already today - I've been sitting here
for hours wondering if I indeed posted this question or not. Very
tired and frustrated atm.

J

Alvaro G. Vicario

unread,
Mar 21, 2005, 5:15:26 PM3/21/05
to
*** James escribió/wrote (21 Mar 2005 14:05:55 -0800):
> PHP is making a right mess at the moment and insists on putting a
> PHPSESSID in forms, urls and other spots on a script I am running. Is
> there any way to stop it doing this?

Change this in PHP.INI:

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0


> Part of the issue is it is
> inserting an ampersand in the url instead of & --- ampersands are
> not valid HTML Trans and I am trying to make sure my pages are valid.

; The separator used in PHP generated URLs to separate arguments.
; Default is "&".
;arg_separator.output = "&"


--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (la web de humor barnizada para la intemperie)
++ No envíes tu dudas a mi correo, publícalas en el grupo
-+ Do not send me your questions, post them to the group
--

Peter Albertsson

unread,
Mar 21, 2005, 5:08:27 PM3/21/05
to
Make sure that you have 'session.use_trans_sid' turned off.

Check your php.ini file, and if it is not there, add:

session.use_trans_sid = Off

Alternativly, add this to your scripts:

ini_set('session.use_trans_sid', 0);

Best regards,

Peter


"James" <star...@gmail.com> wrote in message
news:1111442755....@z14g2000cwz.googlegroups.com...

R. Rajesh Jeba Anbiah

unread,
Mar 23, 2005, 1:52:42 PM3/23/05
to
Q: When using session all the links are appended with PHPSESSID. How to
avoid that?
Q: How should I turn on or off the trans sid support?

A: when the "session.use_trans_sid" setting in php.ini is enabled, PHP
will append the session id in all relative links of the webpage. trans
sid feature helps to propagate the session id even if the browser
cookie is disabled.
To turn on or off:
1. Edit the php.ini file
2. Edit .htaccess file and set the PHP value (if you don't have
access to php.ini). This will work only in mod_php
3. Use ini_set() function <http://www.php.net/ini_set> in the script
and enable/disable this feature.

Caveats:
(3) will work only in PHP 5; previous versions don't allow to change
via ini_set(). To enable/disable this feature via script, you have to
use other hacks.
To enable:
Add the following lines in the beginning of your script:
session_start();
output_add_rewrite_var(session_name(), session_id());
To disable:
Add the following lines in the beginning of your script:
session_start();
output_reset_rewrite_vars();

or add the following lines:
ini_set('url_rewriter.tags', '');
session_start();

Refer:
http://www.php.net/ini_set
http://www.php.net/output_add_rewrite_var
http://www.php.net/output_reset_rewrite_vars

++++
@todo More info on htaccess trick. Or should find a separate question
on the ini settings.

Reply all
Reply to author
Forward
0 new messages