 Re: PHPSESSID in URL
"O.B." wrote[color=blue]
> Using PHP 4.3.4, I have a problem where some web pages appear and the
> links all have PHPSESSID=4094c333eb638b1e8c25632212079e05 attached to
> them. The HTML code itself does not have this text. Also, this
> behavior quickly disappears after the first few clicks of browsing.[/color]
When using sessions, PHP needs to figger out whether or not cookies are
enabled. If not, PHP will fall back to so-called "URL rewriting" that : it
appends the session id to any (relative) URL.
However, PHP cannot tell if the cookie was accepted until the browser
requests the 2nd page. If the cookie is accepted then PHP will be sent the
value of that cookie when the visitor clicks a link. If it does, PHP will
then stop the URL rewriting for all further pages. If PHP is not sent the
cookie value, then PHP keeps using the rewriting. So, just in case cookies
are not enabled, PHP uses both the cookie and URL rewriting for the very
first page that is shown to the visitor, for otherwise PHP would never know
if a request is the first page or not.
Just check with, for example Mozilla Firefox or strict cookie settings in
Internet Explorer.
So, as any link on the very first page will show this PHP session id, you
could try to make a page that has no links at all. Like use
// in index.php
header("Location: my2ndpage.php");
to have PHP figger out the cookie thing on an empty index.php page... You
could also disable URL rewriting, but then there's no fall back mechanism
for your sessions. If you're not using any session at all, then there must
be some setting that starts a session automatically.
Adriaan
| 
