sign in | join about | help | sitemap
Connecting Tech Pros Worldwide
Membership is free - Join the Bytes Network
Bytes > Archives > PHP
O.B.'s Avatar

PHPSESSID in URL


Question posted by: O.B. (Guest) on July 17th, 2005 05:58 AM
Using PHP 4.3.4, I have a problem where some web pages appear and the
links all have PHPSESSID=4094c333eb638b1e8c25632212079e05 attached to
them. The HTML code itself does not have this text. Also, this
behavior quickly disappears after the first few clicks of browsing.

The site in question is located at http://www.havenbaptist.org/

2 Answers Posted
Adriaan's Avatar
Guest - n/a Posts
#2: Re: PHPSESSID in URL

"O.B." wrote[color=blue]
> Using PHP 4.3.4, I have a problem where some web pages appear and the
> links all have PHPSESSID=4094c333eb638b1e8c25632212079e05 attached to
> them. The HTML code itself does not have this text. Also, this
> behavior quickly disappears after the first few clicks of browsing.[/color]

When using sessions, PHP needs to figger out whether or not cookies are
enabled. If not, PHP will fall back to so-called "URL rewriting" that : it
appends the session id to any (relative) URL.

However, PHP cannot tell if the cookie was accepted until the browser
requests the 2nd page. If the cookie is accepted then PHP will be sent the
value of that cookie when the visitor clicks a link. If it does, PHP will
then stop the URL rewriting for all further pages. If PHP is not sent the
cookie value, then PHP keeps using the rewriting. So, just in case cookies
are not enabled, PHP uses both the cookie and URL rewriting for the very
first page that is shown to the visitor, for otherwise PHP would never know
if a request is the first page or not.

Just check with, for example Mozilla Firefox or strict cookie settings in
Internet Explorer.

So, as any link on the very first page will show this PHP session id, you
could try to make a page that has no links at all. Like use

// in index.php
header("Location: my2ndpage.php");

to have PHP figger out the cookie thing on an empty index.php page... You
could also disable URL rewriting, but then there's no fall back mechanism
for your sessions. If you're not using any session at all, then there must
be some setting that starts a session automatically.

Adriaan


Adriaan's Avatar
Guest - n/a Posts
#3: Re: PHPSESSID in URL

"Adriaan" wrote[color=blue]
> // in index.php
> header("Location: my2ndpage.php");[/color]

Obviously, prior to redirecting the visitor to the second page, you should
also start the session in index.php (if it is not started automatically).

Note that the same result would, automatically, be achieved when using
frames. PHP will send the cookie when index.php (defining the frameset) is
requested, and will get the cookie value back when the frames themselves are
loaded. That's all PHP needs to know to stop the URL rewriting.

Adriaan


 
Not the answer you were looking for? Post your question . . .
197,008 members ready to help you find a solution.
Join Bytes.com

What is Bytes?

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 197,008 network members.
Post your question now . . .
It's fast and it's free

Popular Articles

Top Community Contributors
Quick Browse:
Communities / Archives
XML / CSS | HTML | Javascript | PHP | Perl | Visual Basic | Python | C++ / C | Java | .NET / C# / VB / XML / ASP.net | ASP
PostgreSQL | MS SQL | Oracle | IBM DB2 | MS Access | MySQL

About Bytes | Sitemap | Privacy Policy | Terms of Use
Copyright 1995-2008 Bytes.com. All rights Reserved