  1. #1
    halfasleeps

    PHPSESSID keeps popping up in address bar??

    On my website I keep noticing that at random times something like PHPSESSID=72b480fac7a024a490e9ee0d48eeae6f will be passed in the address bar as a GET var. I don't understand why...I did not program that....is someone hijacking my site or is that something else?

    Thanks.
    Altoona Design
    Freelance Flex developer for hire.
    ActionScript Programmer with 8 Years Experience.

  2. #2
    We're from teh basements.
    PHP automatically rewrites URLs to include the session ID if the user's browser doesn't accept cookies, or if PHP hasn't yet determined that the browser accepts cookies.

  3. #3
    halfasleeps
    Great, thanks.....now I can stop panicking lol

  4. #4
    Raffles
    I think it also happens if you do session_start() after outputting stuff to the browser.

  5. #5
    dbr

    change trans_sid in php.ini

    You can edit your php.ini file to disable passing the sessionID in the URL.
    Search your php.ini file to find:
    session.use_trans_sid = 1

    Change that to:
    session.use_trans_sid = 0

    And, you should be good to go if you don't want the sessionID passed in the URL.

    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ; to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ; in publically accessible computer.
    ; - User may access your site with the same session ID
    ; always using URL stored in browser's history or bookmarks.
    session.use_trans_sid = 0
    "Three components make an entrepreneur:
    the person, the idea, and the resources to make it happen."
    Anita Roddick ~British entrepreneur
    dbr founder of: ProximityCast.com

  6. #6
    halfasleeps
    Originally posted by dbr:
    You can edit your php.ini file to disable passing the sessionID in the URL.
    Search your php.ini file to find:
    session.use_trans_sid = 1

    Change that to:
    session.use_trans_sid = 0

    And, you should be good to go if you don't want the sessionID passed in the URL
    Thanks for the info, in this case I don't think I have the ability to edit the php.ini since I am using a hosting company. I don't mind the sessid being displayed tho, I just didn't know why it was there and wanted to make sure something bad wasn't going on. lol

  7. #7
    dbr
    Depends... If you have access to a cgibin you can place your own php.ini there that should trump their default.
    Sometimes just putting a php.ini in your site's main directory will trump the default. In my case I had to place it in the cgibin.
    There are pros and cons with having the session ID attached to the URL. But, overall you are probably fine. The main reason for it is for users who don't like cookies and turn them off in their browser to still use sessions.

    Good luck!

  8. #8
    Kailash Badu
    If you do not have permission to edit php.ini, you can edit these variables from .htaccess (in most cases, i.e. unless your host explicitly disables it).
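
A per-script way to get the effect of the php.ini change discussed above when the host's php.ini cannot be edited, as an added example that is not part of the thread. It assumes PHP 7.3 or later; both function names are hypothetical.

```php
<?php
// Added example (PHP 7.3+ assumed). Call before any output is sent.
// Under mod_php the same flags can go in .htaccess instead:
//   php_flag session.use_trans_sid off
//   php_flag session.use_only_cookies on

// Hypothetical helper: returns the request URI with the session-ID
// parameter stripped, or null when the URI does not carry one.
function uri_without_session_id(string $requestUri, string $name): ?string
{
    $parts = parse_url($requestUri);
    if ($parts === false || !isset($parts['query'])) {
        return null;
    }
    parse_str($parts['query'], $query);
    if (!array_key_exists($name, $query)) {
        return null;
    }
    unset($query[$name]);
    // Rebuild from the path only, with a single leading slash, so the
    // redirect can never point at another host.
    $clean = '/' . ltrim($parts['path'] ?? '', '/');
    return $query ? $clean . '?' . http_build_query($query) : $clean;
}

// Hypothetical helper: start a session whose ID travels only in a cookie.
function start_cookie_only_session(): void
{
    ini_set('session.use_trans_sid', '0');    // no URL rewriting
    ini_set('session.use_only_cookies', '1'); // ignore IDs sent in the URL
    ini_set('session.use_strict_mode', '1');  // refuse IDs PHP did not issue
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Old bookmarked or shared links may still carry the ID: send them to the clean URL.
$clean = uri_without_session_id($_SERVER['REQUEST_URI'] ?? '/', session_name());
if ($clean !== null) {
    header('Location: ' . $clean, true, 302);
    exit;
}
start_cookie_only_session();
```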

  9. #9
    wheeler
    Originally posted by dbr:
    Depends... If you have access to a cgibin you can place your own php.ini there that should trump their default.
    Sometimes just putting a php.ini in your site's main directory will trump the default. In my case I had to place it in the cgibin.
    There are pros and cons with having the session ID attached to the URL. But, overall you are probably fine. The main reason for it is for users who don't like cookies and turn them off in their browser to still use sessions.

    Good luck!
    This is interesting. I couldn't get a straight answer from my hosting company about where to place a php.ini file; they said to place a php.ini in the site root, and it didn't work. I did get the htaccess method working fine, but I'm going to have to try this cgi-bin method!

    How many variations could there possibly be on whm/cpanel anyway?
    Studiotime - Time Management for Web Developers
    to-do's, messages, invoicing, reporting - 30 day free trial!
    Thomas Multimedia Web Development

  10. #10
    SitePoint Zealot
    Who is your host? You might try looking in any support knowledge bases they have. For my host, I found out how to set my own php.ini file in the support KB, for how to set the file upload size to whatever you want.

  11. #11
    wheeler
    Currently with an Australian company called hosting shop - their knowledge base is far from comprehensive; it doesn't have anything about php.ini. Pretty hard to find great support and great speed these days.

    Good thing cpanel/whm is so easy to use!

  12. #12
    felgall
    All changing that value does is to stop people from using sessions if they have disabled cookies. Usually the query string is only used to pass session details when cookies are disabled.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">
