Phpsessid

philipz

Hello All,

I built a simple script to make a page cached in a user's browser for 2 hours (GMT Time).

<?php
$seconds_ahead = 7200 + time();
$gmt_plus_5 = gmdate( "D, d M Y H:i:s", $seconds_ahead );
header( "Expires: $gmt_plus_5 GMT" );
?>

Then I output the file named index.html.

<?php
$file = fopen("index.html", "r" );
while(!feof($file)) {
$buffer = fread($file, 4096);
print $buffer;
}
fclose( $file );
?>

The code works great and all but for some reason, the php code adds "?PHPSESSID=" followed by a long set of numbers and letters to all links on the page. It also seems to add a hidden <input> tag with the name "PHPSESSID" with the same set of numbers and letters in the value attribute in all <form> tags on the page. The funny thing is that if I refresh the page, the PHPSESSID stuff doesnt show up. Anyone have any suggestions because I dont want the PHPSESSID stuff to show up at all.

tha_mink

I think the session id gets added to the url if you have cookies disabled on your browser. The server needs that session id to continue the session. Try passing it through the header info. Like in a cookie.

MrAlaska

The PHPSSID shows up because when the page first opens, $_SESSION sets a cookie but does not know whether you accepted it until the next page, so it adds the PHPSSID to the links and inside the forms 'just in case'

There are a few ways to deal with it if you don't want PHPSSID to show up on the first page. The simplest would be to turn off url encoding, but page would then break for anybody who has cookies disabled. One slightly messy way would be to have the index page basically empty containing only a redirect to the page you want to display which would give PHP a chance to read the cookie. Another way, which would be a bit more work, would be to not use PHP $_SESSION's at all and build your own session management system that performs the way you want it to.

I am curious why you are using file() functions to do a job that appears as if a simple include would work:

include "index.html";

philipz

Thank you tha_mink and MrAlaska for your replies. To answer tha_mink's post, cookies are not disabled on my browser and it adds the session id to the links on the page. To answer MrAlaska's posting, thanks for the info about the session id's it was very interesting. And about the file(), I am a beginner and have worked in perl for the last 4 years so I didnt know that you could simple use the include statement to acheive the same results. Well I have done some checking and have found that I could remove the session id's with the following code.

session_start();
session_unset();
session_destroy();

I was doing some testing and found the for some reason or another the http header value for Cache-Control looks like this, "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0" and wondered why it is automatically set not to cache files, or is it something I did.

MrAlaska

I must have misunderstood your original question, I thought you wanted to use native sessions but just did not want the PHPSSID to show up if cookies were enabled. If $_SESSION is starting on it's own, auto_start might be enabled in php.ini. Any page that does not have session_start() at the beginning should not generate any URL insertion on the following page, or on itself if it is the first page.

session.auto_start=0

I am pretty sure the cache info is set in the php.ini also.

session.cache_limiter=nocache
; set to {nocache,private,public}

I think the nocache is default because of the dynamic nature of so many PHP pages, or perhaps more likely to prevent users coming back to an expired session. I think if you turn sessions off it will not generate that header, but you can over-ride that by sending the headers you want with the header() function to tailor the caching for a page.

I personally do not use native sessions, so I have never played with these settings and am just guessing. If I am mistaken, please be gentle with me 🙂

philipz

Thanks again MrAlaska for your responce.

You spoke about php.ini, how can I change it if I am on shared hosting? If I am unable to modify it, then how could I modify session.auto_start and session.cache_limiter from within my script.

What I found is that with the following code,

header( "Cache-Control: " );
header( "Pragma: " );

I could stop the default caching. I must apologize if I sounded harsh in my last posting 🙂.

MrAlaska

Harsh? Huh??? Oh, you were responding to my request for gentleness lol

I have never used this function, but you should be able to use ini_set for those options and several others:

http://www.php.net/manual/en/function.ini-set.php
Check the user comments, that's where you usually find the funky issues.

ini_set("session.auto_start", "0");
ini_set("session.cache_limiter", "public");

I am not sure, but if auto_start is already set to '1' it might create problems getting ini_set to work properly, but it is worth a try. Other wise, you might be stuck with the methods you already have discovered.