Hi,
I'm trying to force cookies for sessions (vs. URL rewriting).
I have this at the top of the main page (which has a login form):
<?php
ini_set("session.use_only_cookies","1");
session_start();
//...
?>
But the form always comes up with the hidden input (phpsessid).
The manual page for ini_set says that this setting can be set at any level (PHP_INI_ALL), thus setting this in the script should take effect, but for some reason it's not doing so.
Here are my session settings.
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid On On
I don't want to set this at the php.ini level because I don't want it to affect all sites. I'm going to try setting this at the .htaccess level, but I don't see why it would make any difference, since this variable can be set at any level.
Has anyone come across this problem?
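
A diagnostic for the situation described in this post, added here as an example and not part of the original post: it uses ini_get_all() to check whether each session directive may be changed from a script, applies cookie-only values with ini_set(), and reports what actually took effect. The function name apply_session_settings and the chosen values are assumptions of the example; session.use_trans_sid is included because it is the directive that controls rewriting of links and forms with the session ID.

```php
<?php
// Added example, not the poster's code. Place it at the very top of the page,
// before any output and before session_start().

// Assumed target values for a cookie-only session setup.
$wanted = array(
    'session.use_only_cookies' => '1', // do not accept session IDs from the URL
    'session.use_trans_sid'    => '0', // do not rewrite links/forms with the ID
);

// Hypothetical helper: try each setting and record what really happened.
function apply_session_settings($wanted)
{
    // Per directive: global_value, local_value and an access bitmask.
    $meta   = ini_get_all('session');
    $report = array();

    foreach ($wanted as $name => $value) {
        $access = isset($meta[$name]['access']) ? $meta[$name]['access'] : 0;

        // ini_set() returns the old value on success and false when refused,
        // so a silent failure shows up here instead of in the rendered form.
        $previous = ini_set($name, $value);

        $report[$name] = array(
            'script_level' => ($access & INI_USER) !== 0, // changeable via ini_set()?
            'accepted'     => $previous !== false,
            'effective'    => ini_get($name),
        );
    }
    return $report;
}

$report = apply_session_settings($wanted);
session_start();

header('Content-Type: text/plain');
foreach ($report as $name => $r) {
    printf(
        "%-26s effective=%-3s script_level=%-3s accepted=%s\n",
        $name,
        $r['effective'],
        $r['script_level'] ? 'yes' : 'no',
        $r['accepted'] ? 'yes' : 'no'
    );
}
```

A directive reported with script_level=no or accepted=no cannot be changed from the script on that PHP build and has to be set per directory or in php.ini instead.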