Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

PHPSESSID

0 views

Skip to first unread message

Brian Huff

unread,

Jun 17, 2002, 5:50:40 PM6/17/02

to php-w...@lists.php.net

There is, but I dont think you want to do it...

if you recompile PHP with "--enable-trans-sid" turned off, then PHP will
not slap on that id at the end of the URL. However, if you do this, you
will completely lose the ability to track sessions when people dont have
cookies turned on.

You could manually rewrite EVERY page you use to pass hidden form fields
between pages, but that kind of code requires a hell of a lot of
maintenance.

personally, I'd just take a page from the book of REST and leave that
ugly session id on your URL. Both the Apple Store and Amazon do it...
and those are just the A's ;)

Brian 'Bex' Huff
b...@stellent.com
Phone: 952-903-2023
Fax: 952-829-5424

> PHP v.4.2.1
> Apache v1.3.x
> NT 4 workstation SP6
>
> I am using IE6 with the default (medium) cookie privacy settings.
>
> What I'm finding is that the session ID is being passed with the URL i.e.
> ?PHPSESSID=blahblah. I understand that PHP does this when it can't save
> session cookies on the client for some reason and this is borne out by the
> fact that when I set cookie privacy to 'Allow all cookies' the get string
> disappears.
>
> As most IE6 users will probably maintain default cookie settings - is there
> something else I can do to stop PHP putting the session ID in the URL?
> TIA
> Rich
>

0 new messages