By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,496 Members | 1,266 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,496 IT Pros & Developers. It's quick & easy.

Turning off PHPSESSID

P: n/a

PHP is making a right mess at the moment and insists on putting a
PHPSESSID in forms, urls and other spots on a script I am running. Is
there any way to stop it doing this? Part of the issue is it is
inserting an ampersand in the url instead of & --- ampersands are
not valid HTML Trans and I am trying to make sure my pages are valid.

Forgive me if I have asked this already today - I've been sitting here
for hours wondering if I indeed posted this question or not. Very
tired and frustrated atm.

J

Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Make sure that you have 'session.use_trans_sid' turned off.

Check your php.ini file, and if it is not there, add:

session.use_trans_sid = Off

Alternativly, add this to your scripts:

ini_set('session.use_trans_sid', 0);

Best regards,

Peter
"James" <st******@gmail.com> wrote in message
news:11********************@z14g2000cwz.googlegrou ps.com...

PHP is making a right mess at the moment and insists on putting a
PHPSESSID in forms, urls and other spots on a script I am running. Is
there any way to stop it doing this? Part of the issue is it is
inserting an ampersand in the url instead of &amp; --- ampersands are
not valid HTML Trans and I am trying to make sure my pages are valid.

Forgive me if I have asked this already today - I've been sitting here
for hours wondering if I indeed posted this question or not. Very
tired and frustrated atm.

J

Jul 17 '05 #2

P: n/a
*** James escribió/wrote (21 Mar 2005 14:05:55 -0800):
PHP is making a right mess at the moment and insists on putting a
PHPSESSID in forms, urls and other spots on a script I am running. Is
there any way to stop it doing this?
Change this in PHP.INI:

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

Part of the issue is it is
inserting an ampersand in the url instead of &amp; --- ampersands are
not valid HTML Trans and I am trying to make sure my pages are valid.


; The separator used in PHP generated URLs to separate arguments.
; Default is "&".
;arg_separator.output = "&amp;"
--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (la web de humor barnizada para la intemperie)
++ No envíes tu dudas a mi correo, publícalas en el grupo
-+ Do not send me your questions, post them to the group
--
Jul 17 '05 #3

P: n/a
Q: When using session all the links are appended with PHPSESSID. How to
avoid that?
Q: How should I turn on or off the trans sid support?

A: when the "session.use_trans_sid" setting in php.ini is enabled, PHP
will append the session id in all relative links of the webpage. trans
sid feature helps to propagate the session id even if the browser
cookie is disabled.
To turn on or off:
1. Edit the php.ini file
2. Edit .htaccess file and set the PHP value (if you don't have
access to php.ini). This will work only in mod_php
3. Use ini_set() function <http://www.php.net/ini_set> in the script
and enable/disable this feature.

Caveats:
(3) will work only in PHP 5; previous versions don't allow to change
via ini_set(). To enable/disable this feature via script, you have to
use other hacks.
To enable:
Add the following lines in the beginning of your script:
session_start();
output_add_rewrite_var(session_name(), session_id());
To disable:
Add the following lines in the beginning of your script:
session_start();
output_reset_rewrite_vars();

or add the following lines:
ini_set('url_rewriter.tags', '');
session_start();

Refer:
http://www.php.net/ini_set
http://www.php.net/output_add_rewrite_var
http://www.php.net/output_reset_rewrite_vars

++++
@todo More info on htaccess trick. Or should find a separate question
on the ini settings.

Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.