By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,642 Members | 1,687 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,642 IT Pros & Developers. It's quick & easy.

PHPSESSID in URL

P: n/a
Using PHP 4.3.4, I have a problem where some web pages appear and the
links all have PHPSESSID=4094c333eb638b1e8c25632212079e05 attached to
them. The HTML code itself does not have this text. Also, this
behavior quickly disappears after the first few clicks of browsing.

The site in question is located at http://www.havenbaptist.org/

Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
"O.B." wrote
Using PHP 4.3.4, I have a problem where some web pages appear and the
links all have PHPSESSID=4094c333eb638b1e8c25632212079e05 attached to
them. The HTML code itself does not have this text. Also, this
behavior quickly disappears after the first few clicks of browsing.


When using sessions, PHP needs to figger out whether or not cookies are
enabled. If not, PHP will fall back to so-called "URL rewriting" that : it
appends the session id to any (relative) URL.

However, PHP cannot tell if the cookie was accepted until the browser
requests the 2nd page. If the cookie is accepted then PHP will be sent the
value of that cookie when the visitor clicks a link. If it does, PHP will
then stop the URL rewriting for all further pages. If PHP is not sent the
cookie value, then PHP keeps using the rewriting. So, just in case cookies
are not enabled, PHP uses both the cookie and URL rewriting for the very
first page that is shown to the visitor, for otherwise PHP would never know
if a request is the first page or not.

Just check with, for example Mozilla Firefox or strict cookie settings in
Internet Explorer.

So, as any link on the very first page will show this PHP session id, you
could try to make a page that has no links at all. Like use

// in index.php
header("Location: my2ndpage.php");

to have PHP figger out the cookie thing on an empty index.php page... You
could also disable URL rewriting, but then there's no fall back mechanism
for your sessions. If you're not using any session at all, then there must
be some setting that starts a session automatically.

Adriaan
Jul 17 '05 #2

P: n/a
"Adriaan" wrote
// in index.php
header("Location: my2ndpage.php");


Obviously, prior to redirecting the visitor to the second page, you should
also start the session in index.php (if it is not started automatically).

Note that the same result would, automatically, be achieved when using
frames. PHP will send the cookie when index.php (defining the frameset) is
requested, and will get the cookie value back when the frames themselves are
loaded. That's all PHP needs to know to stop the URL rewriting.

Adriaan
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.