.htaccess php_value session.use_only_cookies 1?

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

What do they do?

Assume I only place:-

php_value session.use_trans_sid 0

Will that do the trick and hide the php session ids from the urls? does it have any disadvantages?

Thanks,

VP,

From my reading at PHP.net, you only need to use session.use_only_cookies to protect your sensitive data:

Note: Your use of 1 is “true” and 0 is “false.”

Regards,

DK

Yes but several of my target audience may not have cookies enabled. So use only cookies may do more harm, or does is not force the use of cookies as I assume? Can my page sessions still behave as sessions?

VP,

If you’ve set “only,” then that means ONLY, i.e., you’re forcing the use of cookies. Set that to false/0 and your cookie-less friends will be able to join the party, too.

Regards,

DK

Ow you got me confused there.

What I want to do is disallow the showing up of the session id in page address. All of my users are on sessions alone no cookies. So what I was probably asking all along was whether putting…

php_value session.use_trans_sid 1

Will enable me to achieve the effect or not

thanks again in advance :slight_smile:

VP,

My reading of the two commands is that they conflict. I’d go with the cookies only set to 1 and use_trans set to 0.

You may want to scoot over to the PHP forum to ask over there, too. Hopefully, they’ll confirm my understanding.

Regards,

DK